The institution defines a strategy on fraud control and error risk management.

The strategy should include an organizational structure, specialization of roles (e.g. analysis, planning, control in the field), methodologies and procedures. It should balance preventive and corrective approaches, and be based on both intensive use of information and field activities (on-site inspections).

Structure

• The board should issue a policy statement on fraud control within the context of contribution collection and compliance, established on a risk-profiling approach. The strategy should focus the resources for fraud control on sectors and populations at higher risk (e.g. web-based enterprises, construction firms, self-employed workers, rural workers, agricultural labourers, etc.).
• Preventive and corrective approaches should be balanced, aiming at supporting voluntary compliance and suppressing intentional evasion and fraud.
• The board should establish units dedicated to fraud and error detection and control, and define the corresponding duties and responsibilities.
• The strategy should characterize the different types of fraud scenarios that may appear and define specific approaches to address them.
• The strategy for fraud control should include organizational structure, methodologies and procedures for the main activities, and a performance evaluation method based on key indicators. It should also differentiate treatment of internal and external fraud.
• The management and the board should establish a unit or internal audit office dedicated to implementing control activities against corruption and fraud, both within the institution and in coordination with external entities.