Take a brief mental journey and step back in time to early 2020 when the coronavirus, as it was commonly called at the time, first hit the public consciousness. This may spark memories of scrolling through social media, seeing wildly different opinions from different people about potential impacts. Many people were asking, Was this going to be a big deal? Shortly after that, it became clear that it was definitely a big deal.
The pandemic happened so quickly, in fact, that organizations had very little time to prepare. In particular, the shift from employees working in the office to working from home was jarring for many employers. Many organizations had internal controls that relied on physical sign-offs or were simply not designed with remote work in mind. There were workarounds, band-aid solutions, and just a general mentality of throwing caution to the wind because they had to keep moving forward.
Fast forward to today. Many of those “temporary” solutions are still in place. But even for those that have reverted to “normal,” there was a gap of time that needs to be considered. Now, think about the increased risk of fraud this poses through the lens of the fraud triangle framework. The theory of the fraud triangle is that a person must have pressure, opportunity, and rationalization to commit fraud. So, how did the pandemic impact these three sides of the fraud triangle?
Source: Association of Certified Fraud Examiners (ACFE)1
- People were losing jobs; lost income creates financial pressure
- People became sick, were unable to work, and more lost income
- Home-schooling, less time to focus on work, and less effectiveness at work
- Chaos in the workplace and uncertainty
- Internal controls relying on in-office employees broke down
- Technology challenges to keep operations online; shortcuts taken by IT
- Changes in internal controls to accommodate this new work environment not well thought out
- Turnover; lost institutional knowledge about how to properly oversee operations
- We’re in a pandemic!
- People’s worldview shifted; values were challenged
- Intensified existing rationalizations
- Mental health was negatively impacted
An excerpt from the ACFE’s “Occupational Fraud 2022: A Report to the Nations” shows that pandemic-related issues did contribute to frauds.2
We asked survey participants whether several pandemic-related issues contributed to the frauds that they investigated; 52% of respondents noted that at least one of these factors was present in their case. Of the factors analyzed, pandemic-related organizational staffing changes were the most common (42% of cases), and a shift to remote work was the factor most commonly cited as significant (15% of cases).”
So, what do we do about this? First, stop the bleeding. Make a concerted effort to look for fraud in your organization. The area where our Analytics team at FORVIS most commonly sees fraud is the accounts payable process. Other areas where we often see fraud include the payroll and purchasing card processes. Leveraging analytics is a great way to proactively search for fraud. In fact, in the 2022 ACFE report, proactive data monitoring/analysis was the number one anti-fraud control in terms of reducing the length of time of a fraud, which can help reduce the overall total dollar loss from the fraud. Surprise audits and job rotation/mandatory vacation were the second and third top anti-fraud controls to help reduce the duration of a fraud scheme.
Second, reassess your internal processes. You could focus on just the changes that took place because of the pandemic, but careful consideration should be given to whether it makes sense to look at all the controls related to a particular cycle, because there could have been control gaps in place prior to the pandemic as well.
The world has changed dramatically over the last several years, and in many ways, these changes have increased the risk of fraud. What are you doing to combat this increased risk?
If you have questions or need assistance, please reach out to a professional at FORVIS or submit the Contact Us form below.