Skip to main content

Incident response plan

Type of fraud control

This is a corrective fraud control. Corrective fraud controls respond to fraud after it has occurred. They help to reduce the consequences or disrupt further consequences.



An incident response plan outlines how an entity will respond to a fraud incident.

Why this countermeasure matters

The lack of an incident response plan may lead to:

  • intelligence and investigation processes being uncertain or less effective
  • poor decision-making and mistakes during the response
  • increased financial and reputational damage
  • less effective disruption and prosecution efforts
  • delays in responses
  • uncertainty over responsibility
  • inconsistent decision making
  • information and responses not being recorded or shared.

How you might apply this countermeasure

Some ways to implement this countermeasure include creating incident response plans like:

How to check if your countermeasures are effective

The following are some ways to measure the effectiveness of this type of countermeasure.

  • Confirm it is clear when the plan would be triggered.
  • Review response plans to see if they conform to the Australian Government Investigations Standards and other national guidelines and frameworks.
  • Confirm that the plan and documentation would be easily accessible when required.
  • Confirm that the plan shows a timely and standard response to major incidents.
  • Confirm that the plan clearly defines command and control structures for:
    • decision-making
    • actions, mitigations and remediation
    • communication such as with staff or the public
    • engagement with Ministers, stakeholders and partner entities.
  • Confirm the plan remains up-to-date by checking that it assigns roles/accountability to current positions/divisions.
  • Run through hypothetical scenarios to determine if the plan is resilient and adaptable.
  • Check that the plan is regularly reviewed/tested, including post-incident reviews.

Related countermeasures

This type of countermeasure is supported by:

Establish governance, accountability and oversight of processes by using delegations and requiring committees and project boards to oversee critical decisions and risk. Good governance, accountability and oversight increases transparency and reduces the opportunity for fraud.

Clearly document decision-makers using delegations, authorisations and instructions. Clearly defined decision-making powers increase transparency and reduce the opportunity for fraud and corruption.

Provide staff with adequate training to increase likelihood that correct and consistent processes and decisions will be applied.

Related Fraudster Personas

Was this page helpful?