What does a good counter fraud service look like?
Fiona McIlwraith, Quality and Compliance Lead, answers some central questions about NHSCFA's quality assurance work.
Health organisations can obtain their counter fraud service in several ways: via a directly employed Local Counter Fraud Specialist (LCFS); a shared service arrangement; or an audit consortium. Each has its pros and cons but in all cases, directors of finance must be able to judge the quality of the service
There are five key considerations for an organisation to bear in mind when assessing whether its counter fraud service represents good value for money.
If all five considerations apply, then the organisation will be able to assess the value they are receiving. However, if any one of the five does not apply, there may be difficulties and the organisation may have much less assurance than it would like.
The standards bring significant benefits as a framework to minimise the loss of NHS funds to fraud, bribery and corruption. They also provide a series of ratings criteria which describe what an organisation should do to meet each requirement of the standards.
Organisations are given the opportunity every year to self assess themselves against the standards using our online self review tool and thus can provide themselves with a roadmap for improvement, even if we do not assess them that year.
Without this framework of standards, assurance, self review and external assessment, organisations would be left at risk of significant financial loss.
NHSCFA aims to maintain continuity in the standards while taking account of any new fraud risks that may arise. There are no significant changes in the updated standards following NHSCFA's establishment. However, both the standards and the assessment process remain under constant review to ensure they continue to be fit for purpose. NHSCFA has introduced a new review process to monitor implementation of the recommendations we make under the assessment programme. This helps ensure that we continue to drive improvement nationally.
Read the standards, and pay particular attention to the definitions for red/amber/green ratings that we award as part of the assessment process. These are the requirements your organisation has to meet. Where an organisation is not clear on what they need to do to meet the standards, that is often because they have not read them properly and thought about how they can apply them to their own organisation.
We also provide advice, guidance and support in the form of a list of guidance, supporting documents and evidence that organisations might wish to consider when they are trying to meet the standard. This is the evidence that we will be seeking when we come out to assess.
We are obviously happy to provide guidance but organisations need to think about how they would demonstrate compliance. The standards should be thought of as a destination and there might be a number of routes that an organisation can take to get there and demonstrate compliance.
We are seeking to develop benchmarking reports to assist an organisation in answering the question: what does a good counter fraud service look like?
This is work in progress and we need to take a number of stakeholder views into account. I chair a Quality Assurance Review Group which involves internal and external stakeholders, and data benchmarking is one of the areas we have been discussing.
The audit committee has a crucial role in holding the organisation independently to account in the application of the standards and in ensuring that fraud, bribery and corruption are prevented or, if not prevented, properly investigated.
Few organisations meet all the standards when we assess them. Organisations who are fully compliant with the requirements of each standard receive a green rating in our report and an indication of how well they are doing against the standard in the text.
That report is shared with their Audit Committee Chair and also with their coordinating commissioner (if they are a provider) and with NHS England (if they are a commissioner). So we also advise those bodies of how well the organisation in question is doing. Of course, the same applies if organisations are not meeting the standards.
Performance in relation to requirements under Hold to Account isn't as good as we would like it to be, which can sometimes mean that organisations cannot obtain the sanctions and redress that we'd all like to see.
However, we have seen improvement in both providers' and commissioners' efforts to develop a strong counter fraud culture within their own organisations. Compliance is also improving, albeit slowly, in relation to organisations' codes of conduct.
Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.