How To Design A Reaction Plan To A Fraud Allegation

  • Contributors:
  • Eric Larson
Image of business woman discussing a reaction plan to fraud with coworker

Internal or occupational fraud can take on many forms, but regardless of how fraud manifests, most organizations are exposed to some degree of fraud risk.

Being proactive about managing this risk can be the most powerful step in reducing your organization’s exposure.

According to the ACFE’s 2016 Global Fraud Study, “The presence of anti-fraud controls was correlated with both lower fraud losses and quicker detection…where controls were present, fraud losses were 14.3% – 54% lower and frauds were detected 33.5% – 50% more quickly.”

Putting internal controls in place that are designed to prevent and detect fraud is just one aspect of a strong anti-fraud plan. Knowing how to respond to fraud is also essential.

Great internal controls set the tone at the top – your board of directors should also develop a process to receive, investigate and resolve instances involving potential fraud and define its role within the process.

This allows a prompt and competent review to begin as soon as an allegation is known, and when it comes to fraud, time is of the essence.

So what happens within your organization when an allegation of fraud is received? What protocols are in place to address the concern?

If you don’t have a reaction plan (or think your current plan needs some work) consider the four stages of an action plan and the key considerations that will help your organization perform a competent and effective review, investigation, and response.


1. Review the allegation

Select the right individual(s) within your organization to evaluate the allegation and determine the best course of action to resolve it. Individual(s) should have the appropriate authority and skill level to perform the evaluation.

Any cases that could include members of the board or senior management may require hiring independent advisors (like a forensic accountant).

Determine whether the allegation may violate any laws or company policies, and decide if other departments or external auditors should be consulted. If any conflicts of interests become apparent, remove them before starting the investigation.


2. Plan the investigation

There are many factors to consider when designing an investigation process, including confidentiality, legal requirements, securing evidence, ensuring objectivity, and more.

Any individuals responsible for supervising an investigation must have a higher level of authority than anyone involved in the allegation.

Evaluate the resources necessary to perform the investigation, and determine whether your internal resources can adequately or objectively do the job. If not, hire external expertise – legal counsel, fraud investigators, external auditors, forensic accountants, HR personnel, IT personnel, etc.


3. Conduct the investigation

Set and assign investigation tasks to the appropriate individuals on the investigation team.

Pay attention to any legal issues when it comes to dealing with employees and third parties, how the team will collect information, and how the integrity of the investigation will be verified.

Common tasks include interviewing, obtaining evidence, performing forensic examinations of computers, and analyzing evidence. Diligent documentation, tracking, and reporting on the investigation is essential.


4. Take corrective action

Once the investigation is complete, the investigation team should report its findings to those overseeing the investigation. Findings may need to be sent to additional parties such as an audit committee, legal, regulatory, or law enforcement agencies, and insurance providers.

Corrective action is decided and enacted by your organization – however, any corrective action should be consistent across levels of employees, and appropriately discussed before enforcing.

Be aware that some cases require action to be taken before an investigation is complete. Possible corrective actions could include an insurance claim, a review of existing internal controls, an extended investigation, civil action, or a criminal referral to law enforcement.


Dealing with fraud can be stressful, but with a well-designed, well-communicated, and proactive approach, your organization is better equipped to prevent, detect, and react to fraud in a timely manner. Don’t be caught off guard. Make sure you’re ready if fraud strikes!


Have questions about creating an action plan? Lets talk!