Which of these best describes your organisation’s response to a fraud or cybercrime attack?
- Wait to see what further indicators of fraud in that area arise
- consult external legal advisers
- Consult internal/external audit
- Engage a forensic investigator
- Use internal resources to perform an internal investigation
- Not sure but we’ll work it out at the time
No system of internal control can provide absolute assurance against fraud occurring. As a result, organisations’ s should develop a system for prompt, competent, and confidential review, investigation, and resolution of instances of non-compliance and allegations involving potential fraud. The board should also define its own role in the investigation process.
An organisation can improve its chances of an effective investigation by establishing and preplanning investigation and corrective action processes. To this end the board should make sure the organisation has a Fraud Response Plan.
A Fraud Response Plan should clearly set out the investigation process (who, what, when and how), legal or ethical duties to report fraud (to your shareholders, customers, bank, insurance company and/or regulator(s)) and the action to be taken against fraudsters.
A Fraud Response plan is an essential element of an holistic fraud strategy. The response plan should cover:
- Who will be involved in the investigation
- What will be investigated
- When investigations will be made
- How the investigation will be conducted
- What will happen at the conclusion of an investigation
Our guidance and resources offers more detailed information in each of these areas and more including a template Fraud Response Plan.
No comments yet.