Create an incident response plan
Summary
An incident response plan outlines how an entity will respond to a fraud incident.
Why this countermeasure matters
Lack of an incident response plan may lead to:
- intelligence and investigation processes being uncertain or less effective
- poor decision-making and mistakes during the response
- increased financial and reputational damage
- less effective disruption and prosecution efforts.
How to put this countermeasure in place
Some ways to implement this countermeasure include creating incident response plans like:
- a Cyber Security Incident Response Plan
- a Data Breach Preparation and Response Plan
- an Incident Response Plan for serious cases of fraud or corruption.
How to measure this countermeasure's effectiveness
Measure the effectiveness of this countermeasure by using the following methods:
- Confirm it is clear when the plan would be triggered.
- Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
- Confirm that the plan and documentation would be easily accessible when required.
- Confirm that the plan shows a timely and standard response to major incidents.
- Confirm that the plan clearly defines command and control structures for:
  - decision-making
  - actions, mitigations and remediation
  - communication such as with staff or the public
  - engagement with Ministers, stakeholders and partner entities.
- Confirm the plan remains up to date by checking that it assigns roles/accountability to current positions/divisions.
- Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
- Check that the plan is regularly reviewed/tested, including post-incident reviews.
Related countermeasures
This type of countermeasure is supported by:
Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increase transparency and reduce the opportunity for fraud.
Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.
Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.
Make sure a manager, independent person or expert oversees actions and decisions. Multiple people being involved in actions and decisions increases transparency and reduces the opportunity for fraud.
Provide staff with adequate training to increase the likelihood that correct and consistent processes and decisions will be applied.
Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.
Provide staff with the knowledge and skills required to analyse and investigate different types of fraud.
Investigate fraud in line with the Australian Government Investigation Standards (AGIS).
Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs.