NHS Requirement 3:
The organisation has carried out comprehensive local risk assessments to identify fraud, bribery and corruption risks, and has counter fraud, bribery and corruption provision that is proportionate to the level of risk identified. Risk analysis is undertaken in line with Government Counter Fraud Profession (GCFP) fraud risk assessment methodology and is recorded and managed in line with the organisation’s risk management policy and included on the appropriate risk registers, and the risk assessment is submitted upon request. Measures to mitigate identified risks are included in an organisational work plan, progress is monitored at a senior level within the organisation and results are fed back to the audit committee (or equivalent body).
For NHS organisations, the fraud risk assessments should also consider the fraud risks within any associated sub company of the NHS organisation.
Guidance, supporting documentation and evidence
Organisations should consider the following (the list is not exhaustive):
- The NHSCFA strategy document
- Local risk assessment materials
- Evidence of liaison with risk management staff within the organisation
- Evidence of risk monitoring being conducted at a senior level
- Relevant meeting minutes, action points and records of their execution
- Audit committee minutes
- Counter fraud, bribery and corruption work plan aligned to the risk assessment and NHSCFA counter fraud strategy
- Progress reports
- Organisational risk registers
- GCFP core discipline “Fraud Risk Assessment”