A 6-step, structured approach to an incident investigation is used to ensure that everything in connection with the fraud has been taken care of.

  1. Take immediate action: Sooner the better! Take perishable evidence in custody as soon as possible. These can be CCTV footage, samples. Also do not delay in making the area safe, preserving the scene and notifying relevant parties.
  2. Formulate the investigation plan: This step revolves around the details about the resources and people involved, the duration of the investigation, the degree of the crime and the size of the team of investigators required to handle it systematically and completely.
  3. Gather the data: This step focuses on collecting as much information as possible from numerous sources such as various equipment, documents and the scene of the incident and people engaged in the event including the witnesses.
  4. Conduct root & cause analysis: Failures and mistakes don’t just happen by themselves; organisations allow error-enforcing environments that promote direct causes to develop and persist. The current incident could be the result of a chain of events. Therefore, understanding the sequence of events becomes crucial to solving the riddle. At this step the investigator zeros on finding out the root and underlying causes, as well as the direct causes before identifying why the incident happened.
  5. Initiate corrective measures only: The corrective actions should not be taken looking at the direct causes only aiming for a quick fix, putting last-lines-of-defence back in place. Rather the root and underlying causes must be considered while designing the defence mechanism. This practice will not only help the organisation lower down the risk of recurrence of the incident but also reduce the possibility of occurrence of other dissimilar incidents springing from the same, common root cause.
  6. Prepare a report: The investigation draws to a close when all outstanding issues have been shut and the discoveries have been intimated so that lessons can be shared. The results can be communicated by means of formal incident investigation reports, alerts, presentations and meeting topics.