Organisations report breaches and invest time, talent and millions of dollars to investigate fraud. This is not a one-off activity but a continuous improvement process. A model for investigation, reporting and solving must be customised based on organisational needs. Every company supports a speak-up culture and has whistleblower policies. Proper governance will determine how safe employees feel and how willing they are to report concerns.
Below I am noting a few essential parts of an investigation model:
- Have a baseline investigation model for the company that is well communicated to everyone in the company
- Conduct a thorough investigation. Not limiting it to a subject and not compromising independence and objectivity are essential
- Every breach is a learning, and the recommendations should never be missed. Changing a policy or throwing out an employee is not the end of this learning. Organisations must absorb the learning into process enhancement
- Organisations must go beyond the breach and its effects to focus on the causes and influencing factors of the breach. They should map a flow diagram of what can go wrong in the vicinity of the breach. Potential areas must be explored to find flaws or loopholes.
- Governance must engage employees not only to report breaches but also to ask questions or report concerns. Employees won’t have the courage to report unless something bad has happened. But the real deal is to get a breach reported while it is showing abnormal behaviour in the system or while the breach is in the planning stage