Create an incident response plan

Type of countermeasure

This is a response countermeasure. Response countermeasures respond to fraud after it has occurred. They help to reduce the consequences or disrupt further consequences.

Summary

An incident response plan outlines how an entity will respond to a fraud incident.

Why this countermeasure matters

Lack of an incident response plan may lead to:

intelligence and investigation processes being uncertain or less effective
poor decision-making and mistakes during the response
increased financial and reputational damage
less effective disruption and prosecution efforts.

How to put this countermeasure in place

Some ways to implement this countermeasure include creating incident response plans like:

a Cyber Security Incident Response Plan
a Data Breach Preparation and Response Plan
an Incident Response Plan for serious cases of fraud or corruption.

How to measure this countermeasure's effectiveness

Measure the effectiveness of this countermeasures by using the following methods:

Confirm it is clear when the plan would be triggered.
Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
Confirm that the plan and documentation would be easily accessible when required.
Confirm that the plan shows a timely and standard response to major incidents.
Confirm that the plan clearly defines command and control structures for:
- decision-making
- actions, mitigations and remediation
- communication such as with staff or the public
- engagement with Ministers, stakeholders and partner entities.
Confirm the plan remains up-to-date by checking that it assigns roles/accountability to current positions/divisions.
Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
Check that the plan is regularly reviewed/tested, including post-incident reviews.

Related countermeasures

This type of countermeasure is supported by:

Establish governance, accountability and oversight

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Collaborate with strategic partners

Collaborate with strategic partners such as other government entities, committees, working groups and taskforces. This allows you to share capability, information and intelligence and to prevent and disrupt fraud.

Clearly define decision-making powers

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

Make sure there is managerial, independent or expert oversight

Make sure a manager, independent person or expert oversees actions and decisions. Multiple people being involved in actions and decisions increases transparency and reduces the opportunity for fraud.

Train staff to apply correct processes and decisions

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Support staff to lodge tip-offs and Public Interest Disclosures

Put in place processes for staff or external parties to lodge tip-offs or Public Interest Disclosures.

Train staff to be effective fraud analysts and investigators

Provide staff with the knowledge and skills required to analyse and investigate different types of fraud.

Investigate fraud

Investigate fraud in line with the Australian Government Investigation Standards (AGIS).

Coordinate disruption activity

Coordinate disruption activities across multiple programs or entities to strengthen processes and identify serious and organised criminals targeting multiple programs.