GovS 013 component 10: Undertake detection activity

Undertake activity to try and detect fraud in high-risk areas where little or nothing is known of fraud, bribery and corruption levels, including loss measurement activity where suitable. GovS 013 ref: 5.6

Published: 13 February 2025

Version: 3.0

NHS Requirement 10

The organisation undertakes proactive work to detect fraud using relevant information, intelligence and fraud risk assessments to identify anomalies that may be indicative of fraud, bribery and corruption. Proactive detection activity includes local proactive exercises (LPE) in high fraud risk areas, based on the organisation’s fraud risk assessment and participation in national exercises co-ordinated by the NHSCFA. Other proactive activity that are not LPEs include taking action in response to Fraud Prevention Notices (FPN) or IBURNS.

Findings of this proactive work are evaluated and where appropriate used to develop improvements to prevent and deter fraud, bribery and corruption as well inform the organisation’s fraud risk assessment. Instances of suspected fraud, bribery and corruption identified through the proactive work are subject to appropriate investigation.

Relevant information and intelligence may include (but is not limited to) internal and external audit reports, information on outliers, recommendations in investigation reports and NHSCFA intelligence reports and loss measurement exercises.

Key findings from proactive work are acted upon promptly.

Organisation meets the requirement

The organisation carries out Local Proactive Exercises (LPE) to review and tests controls in locally and nationally identified high fraud risk areas.

LPEs are clearly linked to the organisation’s fraud risk assessment.

Where anomalies are identified that may be indicative of fraud, bribery and corruption, these are progressed to establish whether they require investigation. Instances of suspected fraud, bribery and corruption identified through the proactive work are investigated and recorded appropriately on the approved NHS case management system.

Findings from LPEs are used to make meaningful recommendations to improve the effectiveness of processes to prevent and deter fraud, bribery and corruption. Recommendations are appropriately actioned by the organisation.

Documentation to support LPEs are recorded on appropriately on the NHS case management system, including final reports and terms of reference.

Any other proactive detection activity undertaken is properly recorded on the approved NHS case management system, including outcomes achieved and associated system weakness reports.

Key findings and outcomes resulting from LPEs and other proactive exercises are evaluated by the organisation and used to inform fraud risk assessments and related future proactive exercises.

Organisation partially meets the requirement

The organisation carries out LPEs to address locally and nationally identified high fraud risks.

Local proactive exercises are based on fraud risks but cannot be clearly linked the organisation’s fraud risk assessment.

Where anomalies are identified that may be indicative of fraud, bribery and corruption, these are progressed to establish whether they require investigation. Instances of suspected fraud, bribery and corruption identified through the proactive work are investigated and recorded appropriately on the approved NHS case management system.

There is limited evidence of the findings of LPEs and other proactive work being used to improve the effectiveness of processes to prevent and deter fraud, bribery and corruption.

Proactive detection activity undertaken is properly recorded on the approved NHS case management system, including outcomes achieved and associated system weakness reports.

Findings and outcomes of LPEs and other proactive exercises are not fully utilised to inform fraud risk assessments and future proactive work.

Organisation does not meet the requirement

There is limited evidence that the organisation carries out LPEs to address locally and nationally identified high fraud risks, or to identify anomalies that may be indicative of fraud, bribery and corruption.

LPEs are not undertaken or are not based on the organisation’s fraud risks. LPEs are not appropriately recorded on the approved NHS case management system.

There is limited evidence of proactive detection activity recorded on the approved NHS case management system.

Guidance, supporting documentation and evidence

Organisations should consider the following (the list is not exhaustive):

  • The NHSCFA strategy
  • Results from evaluation activities, for example a measured reduction in risk
  • Evidence of liaison with internal audit
  • Evidence of liaison with finance and payroll staff
  • Minutes of relevant meetings, action points and records of their execution
  • Information and reports from the NHSCFA’s Intelligence Unit
  • Notices and reports shared by the NHSCFA’s Fraud Hub Prevention team
  • Guidance for Planning, Designing and Conducting Local Proactive Exercises issued by the NHSCFA’s Fraud Hub Prevention team
  • Other records held by the NHSCFA (e.g. on the approved NHS case management system)
  • Documents relating to the planning and preparation of local proactive exercises, such as terms of reference
  • Final reports from local proactive exercises
  • Final report findings from participation or response to national exercises co-ordinated by NHSCFA
  • NHSCFA quarterly bulletins and comms
  • NHSCFA’s ‘Intelligence Alerts, Bulletins and Local Warnings Guidance
  • Matches identified through the National Fraud Initiative
  • General Condition 5.8 of NHS Standard Contract 2024/25
  • Home Office guidance 'Right to work checks: an employer's guide'
  • NHS Employers guidance, Employment Check Standards
  • Care Quality Commission ‘Guidance for providers on meeting the regulations’
  • Learning aims and outcomes of training on pre-employment checks
  • Evidence that relevant staff have been trained and that training is kept up to date
  • Evidence of the organisation checking external employment agencies’ compliance
  • Evidence that the appropriate processes have been followed (e.g. records of sample checks made by the organisation)
  • Evidence of review of contracts
  • Evidence of supplier framework audits
  • Evidence of proactive work conducted in this area
  • Examples of reviews and/or audits of pre-employment checking
  • Examples of where the results of evaluation and/or audits have led to improvements to pre-employment checking
  • Relevant risk assessments
  • Evidence of the review of policies and procedures relating to procurement fraud, bribery and corruption
  • Risk management group minutes
  • Records of prevention and detection work carried out in compliance with the NHSCFA document ‘Pre-contract procurement fraud and corruption: Guidance for prevention and detection’
  • Awareness materials for fraud, bribery and corruption risks in the area of procurement
  • Evidence of the evaluation of counter fraud measures
  • Evidence of gifts and hospitality declarations and conflict of interest declarations by procurement staff and evidence of any necessary subsequent actions taken
  • Examples of where the results of evaluation and/or audits have led to improvements to procurement processes
  • NHS England ‘Managing Conflicts of Interest in the NHS’ Guidance for staff and organisations.
  • The NHSCFA document Invoice and mandate fraud: (guidance for prevention and detection)
  • Evidence of the review of policies and procedures relating to invoice fraud
  • Records of deterrence, prevention and detection work carried out in compliance with the NHSCFA guidance
  • Awareness materials on fraud, bribery and corruption risks in the area of invoicing
  • Examples of where the results of evaluation and/or audits have led to improvements to invoicing processes
NHSCFA document's

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.

Close

Thanks for the feedback!

Close