Is Your Fraud Response Plan Fit for Purpose and When do you Test it?

Dated: 5 February 2018 Author: Allan Maund, Director of Counter Fraud

What is a Fraud Response Plan?

A Fraud Response Plan (FRP) is typically available to its readership in two forms, as a standalone policy, or annexed in an aligned policy, such as the anti-fraud policy. A FRP doesn’t need to be voluminous, but proportionate and provide the reader with the necessary information and guidance of the actions to take when fraud is suspected.

Who should have access to the FRP?

Who can access the FRP is another consideration, should it be available to all, or should the FRP be restricted if the content assists the fraudster?

 

When to review?

Allan Maund, Director of Counter Fraud says “Personally, I’d advise a periodic review of the FRP, as a minimum to ensure the key individual roles still exist and the process to be taken when fraud is suspected is reflective of the business operating model. There’s little advantage of having an FRP if it’s no longer fit for purpose or doesn’t reflect the business.”

Other than a periodic review an advantageous time to review the FRP is during the post investigation phase. Post investigation reviews typically (and rightly) consider root cause analysis, identifying internal control weakness, procedural and process failings etc which, hopefully following a revision of the offending weakness areas should prevent a reoccurrence of the fraud. What a post investigation review doesn’t always consider is how the business responded, if it was handled appropriately and in accordance with the FRP, and if the actions of those in the FRP contributed to any failings.

Allan Maund, further commented “In my experience, a post investigation review of the FRP is typically overlooked and it’s probably the right time to do such a review.” 

Example ‘failings’

“Examples of ‘failings’ I have encountered in my career which impact upon the FRP, has ranged from:

  • inexcusable communication delays when a suspected fraud was first identified,
  • timely delays because of the wrong post holder being notified,
  • post holders who were notified were potentially implicated, and
  • the appointment of unqualified persons to investigate who proceeded to prejudice civil and criminal investigations.

Appointing someone senior in a business to investigate is not always conducive to effective handling of an allegation of fraud.”

Allan went on to say “I recall one organisation went into meltdown when the media ‘broke’ and Members at the Council were throwing mud in the chambers. All in the public arena. The organisation had overlooked their FRP, hit the panic button and as the person responsible for the investigation, I was on the back foot before the clock had even started.

If you haven’t got a FRP, consider implementing one. If you do have an FRP, don’t let it gather dust, review its content, ensure its ‘audience’ is restricted to those who ‘need to know’. Finally, test the FRP during the post investigation review.  If it doesn’t fit, change it.

After all, ‘Failing to plan, is planning to fail’.”

Need further assistance?

For further information please contact us on 0800 298 3899 or email: Email Allan Maund.