Incident response plan
A plan to help coordinate the response to a fraud incident.
Some examples of this type of countermeasure include:
- A Cyber Security Incident Response Plan.
- A Data Breach Preparation and Response Plan.
- An Incident Response Plan for serious cases of fraud or corruption.
Purpose of this countermeasure
Failing to respond to a major incident in a planned and orderly way can lead to:
- dysfunctional and obscure processes, and
- poor management decision-making and risk.
This can increase the financial and reputational damage caused by fraud, and reduce the effectiveness of the disruption and prosecution efforts.
This type of countermeasure is supported by:
- Governance, accountability and oversight
- Collaboration with strategic partners
- Decision-making powers are clearly defined
- Managerial, independent or expert oversight
- Staff are trained to apply correct processes and decisions
- Tip-offs and Public Interest Disclosures
- Trained fraud analysts and investigators
- Fraud investigations
- Coordinated disruption activity
How do I know if my countermeasures are effective?
You can apply the following methods to measure the effectiveness of these types of countermeasures:
- Confirm it is clear when the plan would be triggered.
- Confirm that the plan and documentation would be easily accessible in a crisis scenario.
- Confirm that the plan establishes a timely and standard response to major incidents.
- Confirm that the plan clearly defines command and control structures for:
- actions, mitigations and remediation,
- communication, e.g. with staff or the public, and
- engagement with Ministers, stakeholders and partner agencies.
- Confirm the plan remains up-to-date, e.g. check that it assigns roles/accountability to current positions/divisions.
- War game the plan: run through hypothetical scenarios to determine if the plan is resilient and adaptable.
- Check that the plan is regularly reviewed/tested, including post-incident reviews.