Fraud Considerations During the Pandemic

Nina Kelleher: Hello, and welcome to EisnerAmper's podcast series on remote workforce challenges as a result of COVID-19. I'm your host Nina Kelleher And today we'll be speaking with David Sumner. David is a director in the financial advisory services group. He focuses on forensic investigations where there are allegations of fraud, misconduct, corruption and theft. Hi David, thanks for joining me.
David Sumner: Thanks.

NK: In the previous podcast in this series, we explored remote workforce challenges around enterprise and financial controls. David, today, we're hoping to chat with you about how the remote workforce has increased and in certain cases, given rise to new fraud risks. Why should fraud risks be considered in the current environment when so many organizations are just struggling to survive?
DS: Well, like a virus, fraud seeks out weaknesses. While every company can experience fraud, the current environment has stressed and changed control environments. Additionally, because of the individual pressures that people are under, an ethical person may sometimes make an unethical decision. The working from home and reductions in staff, including furloughs may have eliminated controls or altered them without consideration for any sort of mitigating control. Today, I'd like to talk about fraud risks from two sources, the external fraud risk due to the COVID-19 environment and then the internal fraud risks, which are due from working from home and the changes to the control environment.
NK: You just mentioned external fraud risks. What are some of the biggest external fraud risks you're seeing?
DS:Every industry in business has their own fraud risk profile. But what we've already seen is an uptick in things such as supplier fraud, phishing scams like wire fraud, fraudulent billing, including hours being padded by contractors and forgery as well.
NK:The other area mentioned was internal fraud risks. What are the internal fraud risks you're referring to?
DS:Sure. The reality is that the sudden implementation of working from home coupled with staff reductions may have significantly impacted certain key anti-fraud controls. Organizations really didn't have a proper amount of time to evaluate these changes. It's understandable because the speed at which we went from something is happening overseas to shutting down major cities was unprecedented, at least in my lifetime. In most cases, I don't think mitigating controls were fully considered. Add to that, risk from salary reductions and increased pressure to complete the same workload with reduced teams, individuals are also under a lot of increased pressure. Companies are also experiencing increased pressure to meet loan covenants or regulatory requirements and as a result, someone might make an unethical decision. Regulatory risks such as reduced security of protected personal information have certainly increased in the work from home environment. And lastly, I think we've seen some asset misappropriation with fewer employees at the physical locations.
NK:It sounds like working from home increases fraud risk. Is that what you're saying?
DS:Working from home is not the issue in my eyes, but because of the vast majority of instances in which it was implemented without much preparation and done very quickly, that's what's created the additional fraud risk. Going forward into the future, working from home is going to be more prevalent. Organizations should be looking to design and test the effectiveness of these controls around working from home accordingly.
NK:What steps can organizations take right now to help mitigate the risks you mentioned?
DS: Well first, an organization should look to refresh their fraud risk assessment. Their internal control environment has changed and they need to make sure that they understand the additional risks and challenges that this new environment encompasses. Secondly, think about what the messaging is that is coming from management. The tone at the top is extremely important just for an organization trying to conduct business as usual, but tone at the top is extremely important in setting the organization's anti-fraud message. And this is a good time for the company to stress their anti-fraud stance. Lastly, make sure that the workarounds and control overrides and control changes that were implemented during the work from home transition have been documented so that internal audit can appropriately plan and execute their procedures.
NK:What should an organization do if they suspect fraud?
DS:In similar downturns, such as the dotcom crash, the economy experienced quite a large uptick of fraud instances. And this current environment should be no different. Fraud schemes that were operating undetected previously are more prone to be exposed during these challenging economic times. The reason for this is that someone different may be performing that control. Another reason is that many different fraud schemes rely on cash and a steady stream of cash to be coming in. During the current environment, there's a lot of focus on cash. Due to cash scarcity, customers and suppliers may be reviewing their invoices and payments with greater scrutiny and there may be less cash leftover to cover thefts.