A fraud response plan aims to help businesses be prepared for the scenario that fraud occurs. It outlines the steps that need to be taken if fraud is suspected and can help achieve a quick response – which could result in a successful recovery of assets. A fraud response plan should resolve any confusion as to who is responsible for what, what needs to be reported to who, when an investigation needs to be conducted and what the principles are when it comes to the documentation. In 2020, it was estimated that businesses lost 5% of their revenue to fraud. As a percentage this may sound small, however, it can translate to thousands or millions of dollars. 

Preparing a fraud response plan

The fraud response plan is there to support the business when its prevention strategies fail. All businesses should have preventative strategies that discourage both external and internal fraud. The fraud response plan will act as a guide by letting the employees know what the goals are when responding to fraud allegations, what are the do’s and don’t’s but also provide an outline of the investigation process if necessary. First, you need to consider: 

1. How incidents are reported

2. The structure of the fraud response plan 

3. The responsibilities 

4. The steps of the fraud response 

5. The recovery process 

6. Final actions 

1. How incidents are reported 

Before you start developing a fraud response plan you need to think about how the fraud will be reported in the first place. What systems do you have in place where employees can submit a report if they suspect fraud? You also need to think about what employees should do in the scenario where their manager is the one involved in a fraud case. For example, if the system requires the employees to report their manager, then there need to be some rules that guide employees to report to someone else. 

In some scenarios, it might be beneficial for the reporting line to be confidential, as individuals may be afraid of retaliation by their supervisor if they make a report.

2. The structure of the fraud response plan 

Once you have developed a strong reporting system, it’s time to start preparing your fraud response plan. As part of your fraud response plan, you need to include the following: 

Introduction: A short introduction may be included that explains what this document will cover and any relevant policies or laws that are related to fraud. 

Definitions: Definitions should explain any legal terms or what fraud covers. It could give examples such as asset misappropriation, recording of wrongful transactions and manipulation of documents or records. 

Purpose: The purpose section should explain why the document is being written. Some common purpose statements include: 

-To prevent loss of assets 

-To protect business growth and success 

-To have a guide in the case that fraud occurs and know who to contact and when 

-To determine who is responsible for what 

-To have a written trail of how the incident happened, what steps were taken to respond and what preventative measures could be used in the future to prevent a similar incident

You can write more than one purpose statement.  

Outline of steps: The steps that will be followed as part of the fraud response plan should also be included in the table of contents. We cover these steps below.

The recovery process and final actions: These sections should include how the business can approach the recovery process and how to learn from the situation and take corrective actions in the future. 

Appendix: The appendix can include information such as statistics, graphs or other infographics as well as a checklist for the team to use.

3. The responsibilities 

As mentioned, in your fraud response plan you should outline who will lead the whole response process. The person chosen must have the relevant experience needed to lead the response and must be given the necessary resources to execute the process appropriately. The fraud response plan could also outline the responsibilities of other employees. For example, financial fraud may have nothing to do with the IT department, but the financial department should be notified. 

Ensure that key people (such as the human resource manager, IT specialists and accountants) are familiar with the fraud response plan and will be ready if something happens. The fraud response team that is allocated with the responsibility of a thorough response should also be in charge for detecting fraud. Throughout the year they could be conducting audits, monitoring the system’s security and carrying out risk assessments.

This section of the plan should also explain what managers will be responsible for. They could assist with the investigation or provide relevant information to help with identifying the source of the fraud. Managers are also responsible for taking any fraud tip seriously and looking into it. 

fraud response plan

4. The steps of the fraud response 

The steps of the fraud response plan can be written in a checklist form with explanations for each one of the points. They could also be presented as a flow chart. The steps usually involve: 

  • Who needs to be informed immediately after reports of fraud have been submitted 
  • What meetings need to be held 
  • How can the teams determine where the fraud has actually occurred 
  • When to do a root cause analysis 
  • If external bodies need to be notified 
  • Whether customers, stakeholders or all employees need to be notified 
  • Identify if an investigation is necessary 
  • What tools will be necessary for the process 
  • Situations where legal counsel may be necessary

Another important point that should be prioritised is documenting the whole fraud response. The company will need to decide who will be responsible for ensuring all records remain up to date, steps are not missed as well as how the steps are recorded in the first place. 

If an investigation is deemed necessary, then the company should: 

  • Find the right investigation team 
  • Plan the investigation process 
  • Notify those involved in the process 
  • Help the investigation team improve their efficiency
  • Collect evidence with confidentiality as a priority 

When our clients decide to carry out an investigation into fraud, they rely on us to help their investigators make the process as efficient as possible. We take the steps outlined in your fraud response plan, and ensure that they’re followed by investigators without any headaches. At Polonious, we are also ISO 27001 and ISO 9001 certified, as we place great importance on protecting confidentiality while improving investigation workflows. 

5. The recovery process 

Once the investigation has ended, it’s time to consider how and if there’s any possibility to recover any funds, assets, documents or essential information that was stolen when the fraud was committed. Similarly to the investigation, the success of the recovery process relies on how quickly the organisation acts. Those leading the fraud response will need to think about who they need to contact for help in recovering the funds, what departments will be involved and what software if any will need to be used. Recovering assets and files is not a guaranteed process. The business may not be able to retrieve any of the things that were lost and that’s a risk that may also need to be mitigated with things like backups.

The fraud response plan could also outline the steps the entity can do to recover as a business after the fraud has occurred. This is where corrective actions and policies reviews come in. 

6. Final actions

The last thing the fraud response plan will need to cover is the final actions that are taken after the investigation has ended and any recovery actions have finished. Final actions could include taking legal action against any employees or external parties, protecting the evidence that was acquired during the investigation and communicating with employees about the next steps (usually referring to corrective actions). After this section, the last thing to do is to finish the Appendix. 

When do you need a fraud response plan? 

There’s no simple way to answer this question but to say that most if not all businesses could benefit from having some sort of a plan that will help them respond to the types of fraud threatening their business. The fraud response plan could be adapted depending on the size and industry of the entity. Small businesses might opt for a shorter and simpler plan as they don’t have as many departments or employees. 

You will need to carry out a risk assessment to understand what kind of risk your business is facing and then develop the plan appropriately. 

Are you looking to investigate fraud? 

If you’re looking to investigate fraud and make the process as time-efficient as possible then we can help you. Polonious has helped many businesses all over the world cut their investigation times and improve their investigation workflows. Our customers trust us to help their investigation team automate their tasks and reminders so that not a single step is missed. If you want to see what our system can do for you reach out and book a demo!