Corporate report

Initial Fraud Impact Assessment (IFIA) Practice Note (HTML)

Published 18 March 2024

Overview

An Initial Fraud Impact Assessment (IFIA) is a high-level fraud, bribery and corruption impact assessment that should be completed early on in the life cycle of proposed new major spend activity.

The IFIA enables a conversation to happen early in the planning and scoping phases of a business case that considers how fraud could happen as a result of different factors. The IFIA can also help to identify where there are gaps in the counter fraud approach so that these can be considered upfront.

A mandatory requirement for major new spend areas, the process of completing an IFIA provides an overview of some of the main fraud, bribery and corruption impacts and challenges facing an individual business unit, project or programme. Responsibility for the IFIA sits with the Senior Responsible Owner (SRO) of area, scheme or grant.

The Development of the IFIA

• During C-19 schemes were being designed at pace, resulting in Counter Fraud Teams frequently only becoming involved with schemes post announcement.
• In May 2021 Public Accounts Committee (PAC) recommended to “introduce mandatory [initial] fraud impact assessments that require formal sign off from the Counter Fraud Function for all Government Major Project Portfolio programmes (GMPP)”.
• The Government Counter Fraud Function^{[footnote 1]} Centre of Expertise worked with departments to develop an Initial Fraud Impact Assessment (IFIA) process, guidance and template.
• Managing Public Money (PDF, 1,289KB) and the “Green Book” were updated to reflect the introduction of IFIA’s and the mandatory requirement. The IFIA is a template to enable compliance.
• The IFIA is a key tool in the fraud prevention process and its inclusion in the PSFA mandate brings opportunities for closer collaboration with HMT.
• The Government Counter Fraud Profession,  Fraud Risk Assessment Standard was updated (March 2022), providing guidance on how and when to use an IFIA. This can be found on GOV.UK.

Managing Public Money

Departments should provide the Treasury with accurate and timely information about in-year developments - their expenditure, performance against objectives and evolution of risk (e.g. serious unforeseen events or discovery of fraud);

For any new major area of spend, departments shall assess the risk of and impact from fraud at the outset when the spending is being proposed. This should identify the potential for fraud and the different impacts that fraud could have for this spend area. Once spending is approved this should result in the development and continued maintenance of a detailed fraud risk assessment.

Green Book

Care needs to be given to the design of administrative systems where public money is involved in the making of grants, loans or other payments. For major new areas of spend, an initial assessment of how fraud may occur and the potential impacts this will have should be conducted referencing the Government Fraud Risk Assessment Standard. This must be informed by consultation with relevant counter fraud experts and stakeholders at the earliest point in the business case process.

What an Initial Fraud Impact Assessment achieves

An Initial Fraud Impact Assessment (IFIA) is a high-level fraud, bribery and corruption impact assessment that should be completed early on in the life cycle of proposed new major spend activity.

The IFIA is an indicator of the impacts, should fraud occur. It does not evaluate in detail the effects of the controls on the specific fraud risks and the extent to which residual risk remains.

That is the role of the Full Fraud Risk Assessment. However, it should be viewed as a starting point. The IFIA enables a conversation to happen early in the planning and scoping phases of a business case about how fraud could happen as a result of different factors.

The IFIA can also help to identify where there are gaps in the counter fraud approach so that these can be considered upfront. Completing an IFIA should enable the Senior Responsible Officers and Accounting Officers to prioritise which spend activities they should put the greatest focus on for taking action to reduce and react to fraud risk. It also gives a view on the different impacts, not just financial, that instances of fraud would have, and how widespread fraud could be. This will help inform the likely extent of risks and the impacts it will have and help SROs to start to think about their counter fraud resourcing.

Limitations of an IFIA

• An IFIA will not assess the specific fraud risks for that spend.
• An IFIA may not be the best tool to use if all aspects of spend design are set. IFIA’s add the most benefit when conducted during the design phase.
• An IFIA will identify a high or very high impact scheme, this may not translate into a high or very high risk scheme

The benefit of the IFIA to the Counter Fraud Team and beyond

Embedded into departmental governance arrangements, the IFIA is used to inform spend approval decisions and provide early assessment of the need to resource counter fraud activity, including mapping out counter fraud requirements throughout the spend area life cycle. It should also help to identify when the proposed design of a spend activity needs to be adapted or changed in relation to counter fraud concerns.

As the individual business units, projects, programmes or spending areas develop through the spending life cycle and business case phases, it should drive prioritisation and completion of a Full Fraud Risk Assessment, which must be undertaken once scheme control frameworks are designed.

Early Assessment

The IFIA provides early assessment of the need to resource counter fraud activity, including mapping out counter fraud requirements throughout the spend area life cycle.

Upfront Identification

The IFIA is an indicator of the impacts should fraud occur. It should help to identify when the proposed design of a spend activity needs to be adapted or changed in relation to counter fraud concerns.

Prioritisation

The IFIA should enable the SRO and Accounting Officers to prioritise which of their spend activities require the greatest focus for taking action to reduce and react to fraud risk.

Image 1

When and How to complete the IFIA

The IFIA should be completed as early in the life of a spend initiative as possible. For example, in the planning and scoping phase of a business case which typically happens at the Strategic Outline Business case stage and before the Final Business Case is completed.

The list below shows how the IFIA fits into the scheme design process.

1. Policy Request/Design Begins - PM/Chancellor/Minister requests a policy to be designed, or a policy team begins pro-actively working on a policy ahead of a fiscal event.
2. Initial Fraud Assessment - HMT policy/spending team, counter fraud team and delivery department(s) begin conversations about the scheme. Ability to still make changes to the scheme.
3. Eligibility Criteria Set - After input from the delivery department, the HMT policy/ spending team and counter fraud team(s), the eligibility criteria is defined.
4. Policy Announced - Policy announced to the public. Depending on the time-frame of the announcement, policy work on mitigating fraud risks may be ongoing.
5. Full Fraud Risk Assessment - A Full FRA will evaluate in detail specific fraud risks and the remaining residual fraud frisk, once the spending has been approved/delivered.

Depending on the fraud impacts it may be better to do an IFIA for each strand (i.e. projects within a programme) or one IFIA at programme level may be better. Major new spend could be operational spending, a project or part of a programme. This depends on the range of likely fraud impacts across the whole initiative that makes up spend.

The IFIA requires the Senior Responsible Owner (SRO) or Senior Policy Owner (SPO) to work with the policy/project/programme team, using their knowledge and judgement to assess how the different factors could cause fraud to happen by considering strategic factors; delivery, funding and resourcing factors and counter fraud approach factors.

Each factor is made up of a series of assessments ranked between ‘Very Low’ and ‘Very High’. A short explanatory note of the reason for each assessment should be given to provide a rationale for the chosen mark.

The role of the Counter Fraud Practitioner

The IFIA forms are designed to be completed by the policy and project teams in collaboration with the organisation’s counter fraud team during early scheme design. This will ensure that the impact of fraud is better understood and used to inform scheme design decisions, including highlighting the importance of ensuring that there are adequate plans and resources in place to help mitigate where possible any inherent fraud risk exposures.

It is a responsibility of the SRO to ensure policy and project teams are made aware that they can and should, consult their own counter fraud teams for support where appropriate in completing an IFIA.

Counter Fraud Practitioners

Counter Fraud Practitioners hold a broad range of understanding of fraud risks within a wider enterprise risk management framework, along with knowledge of the fraud landscape in HMG, the UK and internationally, across a range of specialisms.

Non-Counter Fraud Practitioner

Those who do not work directly within a counter fraud arena may end up being required to complete an IFIA, i.e. a Policy or Project professional driving forward a new scheme. The IFIA template and guidance has been designed specifically for this audience for use during early scheme design to ensure that the impact of fraud is better understood and used to inform scheme decisions.

How the IFIA should be assessed

Where to obtain support for completing the IFIA

It is the responsibility of the SRO to ensure that the IFIA is completed and that it is accurate to the best of their knowledge. Help with this can be obtained through the Public Sector Fraud Authority’s Risk Threat and Prevent Team

psfa-rtp-services@cabinetoffice.gov.uk, or the Government Internal Audit Agency counterfraud@giaa.gov.uk

How the IFIA should be assessed

Once completed by the individual business unit, project, programme or spending area, the IFIA should undergo a quality assurance review by a Counter Fraud Professional.

Additionally, it is a mandatory requirement that IFIA’s for major new spend areas^{[footnote 2]} are submitted to the Public Sector Fraud Authority’s Performance, Assurance and Evidence Team for a quality assurance assessment. Submissions should via be ifia@cabinetoffice.gov.uk

The Government Major Projects Portfolio

A major new area of spend can be defined as any programme which:

• requires funding over and above departmental expenditure limits
• requires primary legislation to implement
• are innovative or contentious

Training details

The Public Sector Fraud Authority’s Practice, Standards and Capability Team (PSFA - PSC) is developing an Initial Fraud Impact Assessment online learning programme.

The PSFA - PSC Team also provides a knowledge based online learning programme for Fraud Risk Assessors.

For more information contact gcfpcentreoflearning@cabinetoffice.gov.uk

You can find more information on fraud risk assessments and initial fraud impact assessments in the Professional standards and guidance: fraud risk assessment in government.

If you would like further information on this Practice Note please contact gcfpcentreoflearning@cabinetoffice.gov.uk

1. Now the PSFA ↩

2. In May 2021 Public Accounts Committee (PAC) recommended to “introduce mandatory [initial] fraud impact assessments that require formal sign off from the Counter Fraud Function for all Government Major Project Portfolio programmes (GMPP)”. ↩