Update your fraud risk assessment and incorporate new factors emerging from the COVID-19 crisis
The fraud risk universe triggered by this pandemic — just like its epidemiological risk — is still not fully known. Even the leading anti-fraud programs should be updated for the new risk factors arising from pandemic responses: the sudden and swift shift to remote work, the use of COVID-19 as topical lure for social engineering campaigns, and new procedures for monitoring employees’ health status or productivity. In addition, new business processes are being designed and implemented as part of a COVID-19 response, and these may magnify existing internal fraud risks, while also potentially adding new ones.
Identify, rank and address your risks
It’s time to turbocharge your data analytics and visualization techniques to gain visibility into heightened fraud risk areas. Fraud-risk monitoring tools can help you identify risk issues sooner.
Upgrade your internal controls, policies and procedures
Weakness in internal controls account for nearly half of insider fraud. It’s important to assess existing internal controls, policies and procedures to determine whether responses to COVID-19 like remote work, supply chain adjustments, employee health status monitoring or contact tracing should cause an update. Recommend changes for management to consider that align with the fraud risk assessment’s results.
Internal audit executives play an essential role in assessing the most critical risks that COVID-19 has either created or magnified. For example, internal auditors detect about 15% of insider fraud incidents, second only to tips from employees or external parties (40%). More importantly, controls put in place by internal auditors are considered to be among the most important anti-fraud techniques.
Communicate and engage the business, audit committee and auditors
Rally them together for a stronger fraud-fighting culture. By setting the proper tone during the crisis, CEOs and corporate directors can temper any pressures and justifications for insider fraud.
It’s essential to proactively engage your audit committee and auditors in discussions about your responsibilities for preparedness and notification of fraud under Section 10A of the Securities Act. It is also critical to maintain the market’s confidence in the reliability of financial reporting information. Audit committees need to focus on that during a crisis, especially one of this magnitude.
Investigate internal fraud incidents promptly
A leading practice to avoid getting embroiled in a new fraud is to investigate and learn from the last one. Yet, according to the Global Economic Crime and Fraud Survey, half of US companies and 44% of all global companies failed to conduct an investigation after their most damaging recent fraud — and barely one-third reported it to the board.
Disclosing a fraud early can sometimes result in a more favorable outcome with regulators and potentially lessen downstream liability. Regulators frequently give credits (from reduced penalties to declination) to companies that self-report incidences of internal fraud, while organizations that try to conceal evidence of misbehavior face the full brunt of the law.