Investigation insights: Get the best performance measurement factors

Investigation insights: Get the best performance measurement factors

Polonious_Investigation Insights Study Cover

During the International Association of Special Investigation Units (IASIU) conference held virtually on September 14 and 15, 2020, Polonious ran a panel discussion with some of the world’s leading investigation professionals. Investigation Insights contains new research into the performance, effectiveness and challenges of special investigation units, and communicates how better insights can drive improvements in productivity. You can download the full report here.

In this blog, we will look at the factors by which investigators measure the performance of their SIU and them impact they have.

To gather performance insights, we asked survey respondents to describe the factors by which they measure the performance of their SIU and found that they were largely as we would expect, though there were some concerns.

Referrals can mask real SIU performance

The overwhelming majority of respondents (80%) use number of referrals as a performance measure. When considered alongside the percentage of false positives, this is only a measure of how much work the SIU is doing clearing those cases — not a measure of how much value the SIU is providing.

For example, if you are an SIU with more than 40 per cent false referrals, as some of our respondents appear to be, then your true performance figure — the referrals that result in savings — is less than 60 per cent of your total referrals.

The next most commonly used metric is whether or not fraud is determined, which was used by 55 per cent of respondents. This is getting closer to reporting on actual value — cases where fraud was found and, we can assume, savings were made — but it is not quantifying those savings. This means you might be finding a lot of small fraud, which is good, but the ROI of your budget on those cases might not be there.

However, Figure 10 shows the range of individual measures employed, which we have itemised for illustrative purposes. Respondents could give multiple answers, and most, if not all, sensibly use a combination of measures.

There were also around 40 to 50 per cent of units using the percentage of claims investigated, and percentage referred to a department of investigations (DOI), and another 25 per cent reporting on recovered premiums and 40 per cent reported specifically measuring for ROI.

So, for example, measuring the total number of referrals combined with a percentage of investigations, and a percentage of referrals to DOI, would give a reasonable picture of SIU performance.

However, in terms of value provided to your organisation, the ROI — costs on investigations versus savings on claims — is an easily recognisable measure to claims executives.

Figure 10: Measures used by organisations to calculate the performance of the SIU

Figure 10: Measures used by organisations to calculate the performance of the SIU


Many respondents also report on indirect performance measures (see Figure 11) such as training and deterrent effects.

Figure 11: Performance activities not directly related to investigations


A bit more than half (53.33%) report on fraud deterrent effects, and 60 per cent report on training they provide for other staff on detecting and preventing fraud. Two thirds of respondents (66.67%) report on various other non-fraud related activities, but for this survey we did not go into further detail of what they were.

The contribution of these indirect activities to financial performance is harder to measure. However, it speaks to the proactive work that SIUs are doing to prevent fraud, which is very encouraging.

5 ways to stop workplace harassment and discrimination before it hurts

5 ways to stop workplace harassment and discrimination before it hurts

Stop harassment and discriminatioon before they startIn this blog we’ll look at five ways to help prevent harassment and discrimination among staff before they take their toll.


1. It’s okay to say something

If people are too scared to say something, then it probably won’t get said. Start by reassuring staff that it is okay to report any incident of harassment or discrimination. Make sure everyone in the organisation has access to a newsletter (or other notification) that poor behaviour won’t be tolerated and should be communicated.

If most people know they are likely to be “dobbed in” then the potential for sinister conduct is reduced. It’s also good practice for employers to encourage staff to identify issues before a complaint is made to prevent unnecessary escalation.


2. Do have a policy

Don’t think matters will always resolve themselves, or should be handled in an ad-hoc way by the individual presented with a complaint. Have a consistent policy for dealing with harassment or discrimination and make sure the policy template is recognised, and can be applied by, all the key stakeholders.

The policy doesn’t need to be overly bureaucratic but it should clearly define the severity of different incidents and an appropriate course of action to resolve them.

A policy which facilitates managers who listen and engage with employees to resolve potential disputes makes it easier for everyone if there is a problem. And it makes it easier for staff to raise a question in proper way that will result in an answer.


3. Keep an eye out

Are certain staff clearly not themselves? Keep a look out for anecdotal changes in behaviour, participation and performance. Such changes could mean harassment or some other incident which has led to dissatisfaction. A change in emotion state is one of the best ways to discern if something is wrong that no app can replicate.

Employers should keep an eye out for any sign of employee distress or dissatisfaction, and you can conduct management training to notice the signs of unhappy employees.

Casually observing staff while they are working should give you enough clues to any dissatisfaction or changes in morale.

In addition, keep an eye on who is leaving the organisation and why. A high turnover in one department or under one manager might indicate a toxic culture.


4. Monitor the metrics

In addition to point three above, use automated metrics where it is practical to do so. Things like anomalies in sick leave, measurable output and email volumes can be flagged for follow up by HR to see if there are any concerns.

Identifying trends will indicate both good and poor performance and a feel for what is likely to change in the event of harassment or discrimination.

This tactic can be applied across the company and should reduce the need to “look over the shoulder” of staff to determine if there is a problem.


5. Fine tune your processes

When new trends that appear in the workplace – for example, a new social network – the processes and policies for dealing with inappropriate behaviour should be updated accordingly. Using a new social network to harass co-workers is not acceptable, even if it wasn’t part of an exciting policy.

Ensure your policies and processes are flexible and can be consulted on, and updated, by all stakeholders.

Updating your processes is important as different workplaces have different forms of harassment and discrimination. A workplace where there is potential for dishonest activity (handling money, privileged access, etc) might be very different to one that does not.

At Polonious, our application helps organisations develop better policies and processes, and improves the challenging task of dispute resolution.

By stamping out the first sign of a toxic culture staff will be happier and stick around for the long run and the company’s ethical standards will be highly regarded.

Benefits of Moving to AWS

Benefits of Moving to AWS

Polonious offers a number of hosting options, primarily focused on AWS but including self-hosting by clients as well as hosting on Polonious’ own co-located servers. However, over the last few years most new clients have signed up for our AWS hosting option, and Polonious has successfully migrated many companies into the AWS cloud.

This is often requested in order to meet ever-increasing security and compliance requirements. Technical requirements such as stronger network security, encryption in transit and at rest, and secure log retention as well as operational requirements such Business Continuity and Disaster Recovery, where AWS offers multiple levels of redundancy versus co-located servers, and especially versus self/on-premises hosting. Polonious’ Knox Grade infrastructure is easy to implement on AWS and, together with AWS’ own security setup, provides ISO27001 certified levels of confidentiality, integrity and availability.

For these reasons, many organisations are moving computing services to the cloud, not just case management. With deep AWS product knowledge and close working relationships with clients, Polonious can help you implement a secure, robust cost-effective cloud solution.

This blog will help you understand the benefits AWS brings to our clients, to help you determine which solution works best for your organization.

This blog will address:

  • What is AWS (Amazon Web Services)
  • Benefits of AWS
  • How we can help

What is AWS

AWS stands for Amazon Web Services, the world’s “most comprehensive and broadly adopted cloud platform”. AWS helps millions to:

  • Lower their business costs, by only paying for cloud services and storage they need
  • Become more agile, offering systems you can access from anywhere in the world
  • Innovate faster, removing time spent worrying about in-house servers and software

Amazon Web Services (AWS) provides a reliable, scalable and low-cost infrastructure platform powering businesses in 190 countries around the world. It can help streamline fragmented processes, speed up project delivery, and reduce company costs. 

AWS encompasses many services, including everything from databases to machine learning. Popular services include AWS RDS (reliable database services), AWS S3 (simple, secure storage) and AWS EC2 (scalable compute capacity). Polonious uses all those services for our AWS hosting option.

According to Yahoo Finance, Amazon Web Services are trusted by some of the world’s largest companies, including Unilever, Intel and Dropbox. However, Amazon’s cloud service is a good choice for virtually every type of company, no matter how big or small. From a start up to a Fortune 500 company, every business has the option to customize a spot for themselves on the cloud.

Benefits of AWS

Data Protection and Encryption

All data on the AWS network is automatically encrypted including data in transit and at rest. With AWS, you can control where your data is stored, who can access it, and what resources your organization is consuming at any given moment. Fine-grain identity and access controls combined with continuous monitoring for near real-time security information ensures that the right resources have the right access at all times. 

Point-in-time recovery and continuous backup

Polonious on AWS offers detailed backup and recovery options, with daily snapshots of the database and backups of the transaction logs for 35 days (created in 5 minute intervals). This transaction log can be used to roll back data to any day and time within the last 35 days and allows a RPO of only 5 minutes. Additionally nightly snapshots of the database are created and stored for 10 days.

Governance, Risk and Compliance

Given the gravity, complexity, and growing number of risks that organizations face, the regulatory/compliance landscape is rapidly evolving. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe. Enhanced data security ensures compliance with relevant regulatory requirements. Take a look at the AWS compliance programs.


One of the key benefits of AWS migration is enhanced performance. Using the AWS cloud platform you could easily deploy, manage, and monitor your applications. Thus bringing better alignment between application utilization and business performance. 

Enhanced Security

Data theft and cybersecurity are an increasing risk to many companies; learn more about the nature of these crimes in: Workplace Fraud: 3 Common Data Theft Schemes. AWS offers way more security as compared to a company’s own hosted website or storage. AWS has redundant data centers in all major jurisdictions around the globe.  This allows for sophisticated failover solutions that are hard to implement on-premise or via co-located server centers.

How Polonious can Help

Polonious has led multiple migration projects which allows our clients to enjoy the benefits of enhanced security, compliance and performance. Using our technical and legal expertise, we help organizations through all the phases of migration projects from discovery to execution. Polonious offers a multi-stage approach to transformation: diagnosing the state of your current hosting solution, creating the best AWS migration strategy for you, then transitioning your instance. We take the time to ensure that your cloud migration goes smoothly and is in-line with your company goals.

Polonious’ Knox Grade infrastructure is ISO27001 compliant, meaning it meets internationally recognised security standards. This infrastructure comes with intrusion and threat detection, secure web application firewalls, and detailed backup and point-in-time recovery. Additionally, it is regularly penetration tested and drilled against various disaster recovery scenarios. The Polonious Case Management Software offers an opportunity to take advantage of better methodologies, technology and workflows to integrate compliance and customer service into everyday processes.

Our team is experienced in large-scale AWS migrations, having led many successful migration projects.

AWS is 'Amazon Web Services', one of the leading cloud hosting providers.

AWS is ‘Amazon Web Services’, one of the leading cloud hosting providers.

Benefits of migrating to AWS include improved backup, recovery, and availability options, as well as easier installation of our Knox Grade security options.

Benefits of migrating to AWS include improved backup, recovery, and availability options, as well as easier installation of our Knox Grade security options.

Migrate to AWS Now

Are you an existing co-located or on-premise hosted customer? Or a new customer who would like to explore secure case management hosted on AWS? Contact us today.

Investigation insights: How to take hold of referral sources

Investigation insights: How to take hold of referral sources

Polonious_Investigation Insights Study Cover

During the International Association of Special Investigation Units (IASIU) conference held virtually on September 14 and 15, 2020, Polonious ran a panel discussion with some of the world’s leading investigation professionals. Investigation Insights contains new research into the performance, effectiveness and challenges of special investigation units, and communicates how better insights can drive improvements in productivity. You can download the full report here.

In this blog, we will review how referrals are garnered and why it is important to vet them properly.

When respondents were asked how cases were referred to them for investigation their responses were somewhat predictable. Most SIUs (85%) get referrals from claims units. Beyond that, other methods of sourcing referrals were reasonably evenly spread.


Figure 3: How cases are referred for investigation


Automated tools such as analytics engines using predictive analytics, machine learning, artificial intelligence and rules-based algorithms are employed by 50 per cent of organisations, 60 per cent use fraud hotlines, and 65 per cent said they seek out cases proactively.
It is important to note though, that we did not ask what proportion of cases are referred from each of these sources.

A big surprise for us was that around half (52.63%) of respondents did not record the number of false positive referrals they receive — those that, on first glance from an experienced investigator, are clearly not going to go anywhere — from either an analytics tool or their claims unit.


Figure 4: Keeping track of false positives


A smaller but still significant percentage (38.89%) told us that when they did receive a false positive they did not feed the information back to the analytics tool in order to improve referrals.

Triaging referrals

There will always be claims that legitimately warrant suspicion but, upon investigation, turn out to be valid. Where you want to draw the line on level of suspicion is a matter for each SIU. You may only want to investigate “slam dunks”, or those with a 100 per cent strike rate, but risk a lot of potential fraud slipping through. Or you may want to investigate every possible case, but end up spending a lot of time on claims that turn out to be valid.

This triage process might not take a long time — but even if it takes about five minutes per case, after 100 false positives, you have lost a whole day of work. In SIUs with high case volumes, this adds up. And in SIUs with low case volumes, there is likely not much budget to waste on spinning wheels.
At a minimum, reporting on raw numbers can identify some inefficiencies before putting pressure on investigators.

Compare this to the SIUs that did record false positives. About a sixth of those respondents had between 21 and 40 per cent of referrals as false positives, while a full quarter reported that between 41 and 60 per cent of their referrals turned out to be false positives.


Polonious SIU Metrics Report Figure5

Figure 5: What percentage of referrals are false positives


While this was just a quick questionnaire with a small sample size (only 12 respondents for this question), if the numbers are representative of the wider industry there is a big proportion of SIUs where around half their cases should not even have been referred to them for investigation. What’s more, around half of them would not even know a referral was a false positive.

As mentioned above, of the units that track false positives, almost 40 per cent are not feeding these back into the detection tool, so we would hope that these are not the units receiving 41 to 60 per cent false positives.


Figure 6: Proportion of organisations feeding results back into fraud detection tools


Analytics tools work by learning the flags for fraud — either through AI or through analysts updating the rules as they receive data. If false positives are not being fed back into these tools, they cannot update the rules, and they are going to keep sending you bad cases.

If you are getting 50 per cent false positives, you are paying investigators to read case details and not provide value. And if these results are not being used to enhance your detection systems, you are going to be doing that every quarter.

The huge cost of insurance fraud: $40B a year in the US alone

The huge cost of insurance fraud: $40B a year in the US alone

Polonious is a market leader when it comes to helping insurance companies combat insurance fraud and other forms of malpractice. What does this mean for insurance companies? Quite a lot it seems. While it is difficult to know exactly how much fraud costs the insurance industry, we do know it is big business.

In the US, the FBI estimates the total cost of insurance fraud (non-health insurance) is estimated to be more than $US40 billion per year, which translates to between $400 and $700 per year in the form of increased premiums for the average family. With more than 7,000 companies collecting over $1 trillion in premiums each year in the US, the size of the industry provides more opportunities and bigger incentives for committing illegal activities, according to the FBI.

In Australia, the Insurance Council of Australia reports the most common form of insurance fraud to be the exaggeration of personal claims, or “opportunistic fraud”. In contrast, premeditated, or planned, frauds are usually committed by the professional fraudster and often by organised criminal gangs. According to the ICA, while the total cost of insurance fraud is difficult to estimate with precision, in 2017 insurers detected $AU280 million in fraudulent claims across all insurance classes, excluding those relating to health insurance or personal injury (CTP, Government run Workers compensation etc). With this figure the amount of detected insurance fraud, the amount that goes undetected is likely to be much higher.

According to the Insurance Information Institute (III), common types of fraud activity include “padding”, or inflating claims; misrepresenting facts on an insurance application; submitting claims for injuries or damage that never occurred; and staging accidents.

Customer service quality also plays some part in the fraud prevention cycle as some level of fraud committed by consumers can be driven by “revenge” or “retaliation” for a personal service exchange which they think is unfair.

Checking the types of insurance fraud

According to the III, the types of fraud insurance firms must work to combat include:

  • Auto insurance fraud: Auto insurance fraud ranges from misrepresenting facts on insurance applications and inflating insurance claims to staging accidents and submitting claim forms for injuries or damage that never occurred, to false reports of stolen vehicles.
  • Healthcare fraud: Although healthcare insurance is generally outside the purview of property/casualty insurance, healthcare fraud affects all types of property/casualty insurance coverage that include a medical care component, such as medical payments for auto accident victims or workers injured in the workplace.
  • Workers compensation fraud: Employers who misrepresent their payroll or the type of work carried out by their workers to pay lower premiums are committing workers compensation fraud. Some employers also apply for coverage under different names to foil attempts to recover monies owed on previous policies or to avoid detection of their poor claim record.
  • Property fraud: When disasters strike some individuals or groups see an opportunity to file claims that are either exaggerated or completely false. Some even intentionally damage property after a disaster to receive a higher payout.

For these reasons it is important to have a canonical audit trail of activity to identify and prevent fraud before it happens.

Polonious Co-CEO Alastair Steel, says insurance fraud can be dramatically reduced with more timely and accurate information that tracks all of the many moving parts of a claim or investigation. As we have discussed in other blogs, merely identifying potential fraud will not reduce the cost of the identified fraud. Simply adding notes to the claims system or customer files will not adequately manage a complex fraud investigation. Lastly, if you’re not tracking the amounts you save versus the costs of the investigation, you can’t be clear on on the value you’re providing.

A dedicated case management system is the hub that brings all of your monitoring and insights together – insights from your claims handlers looking at files and insights from your analytics engines running over your data – and helps your investigators turn them into strong briefs you can use to deny fraudulent claims or recover those already paid. Lastly, all of your reporting can be used to identify trends and feed back into analytics, to help you identify more fraud.

With GICoP now in force, download our free compliance guide

With GICoP now in force, download our free compliance guide

With GICoP now in force, download our free compliance guideAustralia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history and Polonious is at the forefront of tracking the changes.

To help you keep up, we have prepared a report detailing how the changes directly impact insurance companies.

The guide, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, outlines the penalties for non-compliance and shows how you can not only meet the compliance requirements, but improve your business as a result.

Download your free copy now to:

  • Make sense of the new legally binding investigation rules as they apply to investigators
  • Learn how compliance can help you avoid heavy financial penalties
  • Avoid breaches being escalated to AFCA and ASIC
  • Use the changes as an opportunity to streamline your business
  • Improve investigation information management with new technology
  • Boost customer satisfaction and relationships, and increase referral marketing

Keep ahead of compliance

The guide also helps you quickly locate the 42 points in the new code that affect insurance investigations with its included summary.

If you would like a printed copy, ask us and we will get one mailed to you. Also, If you would like guidance in managing the new General Insurance Code of Practice, contact Polonious Systems today.

Since 2005, Polonious Systems has provided scalable workflow management and risk assessment software to businesses of all sizes. We are committed to staying ahead of technological advancements and providing advice and support with IT capabilities across insurance investigation, banking, private investigations, and education. We’re renowned for our wealth of experience, professional conduct, and willingness to support our clients comprehensively.

If you would like assistance in managing and understanding the new General Insurance Code of Practice, contact the Polonious Systems team and find out what we can do for you.

SIU Insights report 2021How do you compare to other SIUs?

Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.

GICOP changes 2021Download the GICOP whitepaper and stay compliant.

Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.