This is part 1 of the five-part series “Business and Financial Fraud: Yesterday, Today, and Tomorrow” with Tom Fox and the FCPA Compliance Report. During the series, Tom was joined by K2 Integrity experts Joanne Taylor and Ray Dookhie for a discussion of how organizations can identify and mitigate fraud risk.
In a December 2020 report by the Association of Certified Fraud Examiners (ACFE), anti-fraud professionals across a range of organizations said they had seen an upward trend in fraud over the second half of 2020, and 90% of participants expected that to increase over the next 12 months. This increase comes largely from remote working arrangements, which experts believe are here to stay. While organizations may well be working across a hybrid model of some office working and remote working down the road, they really need to take a good look at their anti-fraud controls now.
What key fraud risks does this arrangement present? First is the lack of supervision. Second is the risk of people outside the organization getting access to confidential data. This often is the result of a broader issue: the blurring of the remote workers’ professional and personal lives, with people forgetting what professional behavior means. When you add the third side of the fraud triangle—the pressure to continue to deliver in this stressful environment—there can be real incentive for people to commit misconduct, particularly those in sales or target-driven roles.
And the risk of fraud in this environment includes more than simply the theft of funds. Pressure on senior management to hit sales targets and show good performance can lead to financial misstatements. Another fraud risk organizations need to be on the watch for is cyber-related fraud. During the initial rush at the beginning of the pandemic to move to a remote working environment, employees were settled very quickly on laptops and given certain access rights. While many businesses expected that they would be back in the office quite quickly, that simply has not happened. Firms should take the time at this point to reflect on their fraud program as a whole and specifically their cyber controls to make sure that their environment is as risk-free as possible.
One important area for companies to consider is unemployment fraud. This fraud is not limited to employees fraudulently applying for unemployment or other benefits they do not deserve but encompasses a full range of fraud relating to employment issues during the pandemic. This can mean fraud around the Paycheck Protection Program (PPP) in the United States and around similar programs in the UK. Fraud can also occur in the race to outfit organizations with personal protective equipment (PPE).
What can organizations do right now to get ahead of some of these fraud issues? The best place to begin is with a fraud risk assessment, which is fundamental to understanding where a company’s risks lie. Such an assessment can also identify weak points, whether these are internal fraud, fraud perpetrated by third parties, business fraud, or email compromise fraud. Defining those schemes upfront and then assessing internal controls against the potential schemes is really important to truly understanding an organization’s risk.
Equally important is a company’s whistleblower program, which can be its best source of tips for fraud. Companies should take the time to test their hotlines to ensure that the lines of communication are open. If an organization is not getting any calls on the hotline, it should investigate the reasons why, and consider a training and awareness campaign. Whistleblowing hotlines should also be made available to suppliers to help prevent kickbacks or other similar fraud schemes. Finally, now would also be an appropriate time to perform a gap analysis on internal fraud controls or financial controls. This would include making sure that all of the basic protections that financial controls bring— including a second set of eyes and segregation of duties (SODs)—are in place.