Skip to main content

Create an incident response plan

Type of countermeasure

This is a response countermeasure. Response countermeasures respond to fraud after it has occurred. They help to reduce the consequences or disrupt further consequences.


An incident response plan outlines how an entity will respond to a fraud incident.

Why this countermeasure matters

Lack of an incident response plan may lead to:

  • intelligence and investigation processes being uncertain or less effective
  • poor decision-making and mistakes during the response
  • increased financial and reputational damage
  • less effective disruption and prosecution efforts.

How to put this countermeasure in place

Some ways to implement this countermeasure include creating incident response plans like:

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasures by using the following methods:

  • Confirm it is clear when the plan would be triggered.
  • Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
  • Confirm that the plan and documentation would be easily accessible when required.
  • Confirm that the plan shows a timely and standard response to major incidents.
  • Confirm that the plan clearly defines command and control structures for:
    • decision-making
    • actions, mitigations and remediation
    • communication such as with staff or the public
    • engagement with Ministers, stakeholders and partner entities.
  • Confirm the plan remains up-to-date by checking that it assigns roles/accountability to current positions/divisions.
  • Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
  • Check that the plan is regularly reviewed/tested, including post-incident reviews.

Related countermeasures

This type of countermeasure is supported by:

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

 Investigate fraud in line with the Australian Government Investigation Standards (AGIS).

Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs.

Related Fraudster Personas

Was this page helpful?