Operational Excellence Amid COVID-19 | Responding to Emerging Fraud Risks
by Brett Baker, Assurance Senior Manager
With the onset of the COVID-19 pandemic, traditional business practices for most organizations shifted nearly overnight. Whether that means companies have switched to remote-work strategies, increased their reliance on virtual applications, or even changed their product mix to stay relevant, the transition has been swift. While some of these shifts have demonstrated the adaptability and resilience of the business world, there are new and increased risks that must not be overlooked during this time, some of which include insurance and disaster relief fraud.
Additionally, we have seen major economic impacts since the virus’s spread. In the past weeks there have been record-breaking unemployment filings, including over 3 million initial claims for the week ended March 21, 2020 and over 6.6 million initial claims for the week ended March 28, 2020. Economists at the Federal Reserve district project total employment reductions of 47 million, or a 32.1 percent unemployment rate. US stock markets remain volatile and the Dow was down approximately 37% during the week of March 23, 2020. The economic losses are significant and will put extreme financial pressure on companies and individuals.
Given the above considerations, we've entered an era with the potential for a "perfect storm" of conditions and motivations that increase the risk of fraud, in its various forms, as a direct result of the global COVID-19 pandemic.
Types of fraud to be aware of
Fraud is generally defined as “wrongful or criminal deception intended to result in financial or personal gain.” Oftentimes we see this in the form of theft, which can be tangible goods and materials, or intangible assets, including private data or intellectual property.
A second form of fraud to consider is related to the intentional misrepresentation of company financial information. This often presents in the form of inaccurate profit and loss numbers, increased assets on a balance sheet, or under-reporting of major liabilities. This type of fraud is committed in order to attract investment, financing, or to avoid penalties for poor performance.
Why do we see the increased risk?
In almost every instance of identified fraud, there are three components involved which we generally refer to as the Fraud Triangle:
- Incentive and Pressure
Given the major losses in the stock markets, unprecedented job losses, change in both consumer and B2B buying habits, and a general feeling of uncertainty, there are several emerging pressures and incentives to commit a fraudulent act.
When these pressures start to have to real impact on individuals and companies, that’s when the rationalizing begins. Individuals may think, "I need to this to survive and the company has so much money they will be fine."
Company executives may think, "So many people’s jobs depend on this company’s survival, we have to do what we have to do to stay afloat."
Lastly, as layoffs continue and remote work increases, the ability to follow internal controls will become more challenging and there will be less employee oversight. Employees may obtain increased authority as well. As such, the opportunities to commit fraudulent activities will increase.
Who are the potential perpetrators?
From a theft perspective, employees, vendors, and customers are the riskier population. Employees have access, knowledge, and are likely feeling the economic and personal impacts of the COVID-19 pandemic the most. Vendors can potentially be struggling during these times as well, which will increase their need to sell as much product and collect as much cash as possible. Lastly, customers, like the rest of the group, are feeling the pressure and when situations begin to look desperate, they will look to reduce their costs as much as possible.
What your organization can do about it
First, start with a common sense approach: pay attention and don’t forgo your standard risk mitigation procedures. Next, consider undertaking the following solutions:
1. Fraud Risk Assessment: Have you done a fraud risk assessment over your organization in the COVID-19 era? Have you done one recently at all? Whether this is done throughout the organization, or within a specific group of individuals or transactions, an updated fraud risk assessment can identify the risky areas in your business where you are most exposed to financial loss.
2. Respond to Identified Fraud: If you already suspect fraudulent activity is taking place, a forensic investigation can uncover much of these occurrences and help to resolve the issue by identifying the perpetrators and putting a stop to the activity.
3. Policies and Procedures Update: Have your policies and procedures been updated as a result of the changes to your business operations in the COVID-19 environment? Changes should be reflected in your controls as soon as possible. These need to be evaluated to ensure key controls are in place and functioning effectively in consideration of the changes to the way your business runs.
If you are unsure whether your controls are designed in a way that will prevent or detect fraud, we recommend consulting with professionals who can review your procedures and assist in implementing appropriate and efficient checks and oversight to reduce your risk of fraud.
4. Staff Re-Alignment: Current staffing models are changing. Whether you are short-staffed due to the outbreak, or concerned about cash flow related to fixed salaries, you might need some help. This is a time to consider innovative and affordable solutions that can be provided on an as-needed or periodic basis that relieves some of the fixed costs of hiring full-time employees, without losing any risk control or mitigation capabilities.
For example, you might want to consider outsourcing your internal audit function and hire consultants to perform these duties quarterly to avoid the annual internal audit salary expenses.
5. IT Risk Assessment: In these uncertain times, with nearly all business operations being handled online, there are additional risks to consider. A comprehensive risk assessment can be extremely valuable in avoiding financial or data losses. Additionally, there are some questions you should consider under the following categories:
a. Software – When was the last time you evaluated your systems, updated software, or performed an access and authorization review? Are you appropriately managing costs related to licenses for software?
b. Hardware – Are your hardware systems adequate to handle this level of remote work and online transacting? How strong are your physical safeguards to these assets?
c. People – Are your staff appropriately trained for this fully digital environment? Have policies and procedures for remote-work been implemented? Are individuals following these? Do you have the appropriate level of IT support staff to assist in the event of application failure and business interruption?
As described above, due to the economic impacts of the COVID-19 virus, it is anticipated that an increase in fraud will occur and it is important to note that this increased risk can have a significant impact on your operating cash flows if left ignored. It is important to update your fraud risk assessment, put a stop to any potential fraud, update your policies and procedures given the transition to virtual offices, evaluate your staffing needs, and consider increased IT risks.