No rookie mistakes when dealing with incident response

Fraud, corruption and commercial crime are endemic throughout the world and are responsible for the insurmountable economic losses suffered by organizations, corporates and institutions alike. These losses are often exacerbated by the lack of an appropriate incident response plan (“IRP”), which exposes an affected organization/institution to further risk and harm at the hands of perpetrators of economic crime. In the last decade South Africa has experienced its highest level of economic crime, which necessitates a pragmatic, effective and efficient approach to the investigation of these incidents and/or crimes.

The lack of an IRP often creates ideal circumstances for perpetrators of economic crime to compromise the integrity of an investigative process by tampering/destroying evidence and tipping off suspects and witnesses, all of which have the effect of hindering an organization’s ability to respond appropriately to an incident of economic crime and can lead to further economic loss, legal risk and reputational damage.

What is the purpose of an IRP?

An IRP is designed to avert the issues referenced above in that it is intended to ensure that incidents are handled in a systematic and efficient manner without compromising the investigative process. It is also essential for developing a response plan that is measured and consistent with the overarching purpose of an IRP, which purpose is to protect an organization from the economic, reputational and legal risks that follow from an incident involving economic crime and fraud. An IRP also mitigates the risk of reputational damage (associated with incidents relating to economic crime) to organisations/institutions and it often assists in restoring the confidence of the public/clients/consumers.

What factors must be considered to develop an IRP?

There are a number of fundamental considerations that go into the development of an effective IRP, as set out below:

• Develop and record a pre-determined process for the resolution of various types of fraud identified in the fraud risk assessment process;
• Ensure that fraud, and what constitutes fraud, is clearly defined in the IRP;
• Identify the relevant persons to be notified of such incidents (i.e. line managers, human resources, legal) which persons will also be required to determine whether an incident needs to be escalated;
• Appoint a spokesperson for the organization/institution who will be tasked with managing and facilitating communications with the media and/or public (if necessary);
• Design a process which provides for the immediate notification of such an incident to the relevant persons in senior management without effecting the integrity of the investigation;
• Design a clear protocol for the investigation process, the assignment and supervision of an investigator; and
• Develop a process intended to communicate internal messaging to employees regarding the incident provided that internal communication will not compromise the investigative process.

It is imperative that there is a streamlined process for dealing with an incident of economic crime or fraud to ensure that the relevant information is preserved for purposes of the investigation and to ensure that the incident can be resolved in a manner which results in the least harm/damage to an organization. A comprehensive plan which is frequently audited, updated and improved assists organizations in developing an IRP that can deal with a myriad of risks and incidents relating to fraud and economic crime.