Develop a fraud recovery plan

Planning is the key to dealing with any issue. Fraud is no exception – actually planning what your organisation will do if fraud occurs is best done before the event. When fraud occurs it can be very emotional – it is reasonably common that the person who has committed the fraud is a trusted employee / volunteer and considered a ‘friend’. So planning when people are ‘thinking straight’ (ie. Before the fraud has occurred) is the best option.

Many organisations have a Disaster Recovery Plan (and if they don’t they need to develop one of these also!). For example, a Disaster Recovery Plan can set out what should be done if the computer system fails – where can the server be hosted until a new server is purchased, installed and made operational again. Think of a Fraud Recovery Plan in the same way.

So what should an organisation include in a Fraud Recovery Plan. It should be noted that for a Fraud Recovery Plan to work appropriately, the board will need to pre-approve the use of the plan if fraud does occur. This means that the person who is responsible for the plan needs to be able to implement the plan as soon as fraud is discovered without need to first seek approval from the board – the longer it takes to commence an investigation, the increased likelihood of losing evidence.

Following are some ideas of what should be included:

• Does the organisation have the internal skills to investigate the fraud. If not, are resources available externally to conduct the investigation and will those skills be available at short notice;
• As per the Fraud Control Policy, the matter should be reported to the police. Therefore, who will liaise with the police in relation to the fraud;
• Who will deal with the terminating of the employment of the person who committed the fraud. Will the organisation request the assistance of their lawyers in this regard.
• If the organisation has insurance against fraud, what is the excess on the policy, what is the maximum amount able to be claimed and when does the insurer need to be notified of the fraud;
• Will the organisation be at risk of losing funding such as government grants;
• Will the organisation be at risk of having cash flow problems? If so, is it possible to gain a temporary increase in any overdraft facility;
• How will other employees and volunteers be advised of what has happened; and
• How do you manage any reputation risk that the organisation may suffer, such as how will the organisation deal with the media should it become known that fraud has occurred or should the organisation issue a media release about the issue.