Today, many employees work in a home office setting as opposed to a workplace. In a remote work environment, employees must have all the components to do their jobs in their home offices, including computer screens, docking stations, laptops, desktop computers, client files and any other necessary devices or tools. They must also increase their use of video conference software and tools for internal communication, which could open your business up to conference hackers and potential employee misconduct.
Such an environment calls for new processes around security and internal controls to avoid risks, such as fraud and cyber incidents.
Fraud is a key consideration for businesses operating with a remote workforce. The (ACFE) reports that 75% of all businesses are victims of fraud-related crimes on a regular basis. In fact, the average business loses 5% of its annual revenue to fraud. Considering that the average embezzlement takes 14 to 24 months to uncover, proper internal controls are critical to reducing fraud risk and associated costs.
Even in traditional work environments, it’s easy for processes to become flawed and for details to fall through the cracks. This is especially true if plans are made in a hurry or without enough information. However, with a remote workforce, internal controls warrant greater attention to detail and adherence to processes. This will allow business owners to be more diligent regarding company finances.
Businesses tend to rely heavily on trust as an internal control. In a normal business cycle, this can cause issues. In a remote working environment, it can have a long-term business impact. Effective and established internal controls are necessary to prevent fraud and protect your business.
Proper internal controls begin with the “tone at the top,” meaning leaders lead by example, and impose zero tolerance for non-compliance. This accountability is essential whether employees are remote or in a physical office.
Internal controls can be difficult to establish and sustain. Emotions get involved and affect individuals’ perspectives and thought processes. This is where policies and procedures come into play. Having defined controls and processes will remove sentimentality and emotion from the equation – it’s not about trust or the individual, it’s simply protocol.
The problems begin when management loses focus on keeping employees accountable for their actions – or inaction. When management fails to follow internal controls, employees have greater opportunity to manipulate their job duties and take advantage. Remote work demands that internal controls operate at peak efficiency. Management must insist on proper cross checking and reviews.
Do you have the right internal controls in place to effectively prevent fraud? Fraud risk assessments and internal control examinations help business leaders ensure they’re on track.
Internal controls and processes are of critical importance to your organization’s accounting department. They affect:
Working remotely could add a layer of tracking and tracing to the flow of approvals. After all, emails between individuals and businesses are time and date stamped automatically. Also, senders can require a “read receipt” or a “delivery completed” notification which can be stored in case something needs to be verified.
If you’re concerned about a limited segregation of duties at your organization, consider reviewing:
Also, consider reviewing the following components of your cybersecurity plan:
What are the key areas susceptible to fraud? We compiled a comprehensive list specific to organizations with limited segregation of duties.
When people are “out of sight” they can also be “out of mind.” Indications of fraud are less visible and harder to identify over the phone or via a video conference call.
The ACFE report shows the leading red flag for fraud is living beyond one’s means. It also shows the leading detection strategy is through tips. In virtual work environments, employees interact less frequently and it’s more difficult to identify questionable activity. This may enable further fraud, allowing employees to take advantage with less risk of being noticed.
One of the best ways to prevent fraud in a remote working environment is to go back to the basics. This involves engraining the idea of security and fraud prevention in your company culture. This is also the easiest, least expensive and most expedient internal control. In doing so, you establish a “perception of detection” within the business.
Think of it like this: Will a person speed or run a stop sign if they “believe” they will get caught? Most likely, they will not.
This same reasoning applies in a business environment: Will most people commit an act of embezzlement if they “believe” they will be caught? In most cases, they will not.
Top-performing organizations are prioritizing a culture of security, but it’s not as simple as announcing your plan and telling people to follow the rules.
The ACFE reports that schemes lasting longer than five years have a median loss of $850,000. And companies with fewer than 100 employees have a median loss of $150,000.
There are not many businesses that can afford to lose $150,000, let alone $850,000, to an embezzler. Are you prepared to protect your organization’s finances?
What every organization needs is a strategy to reduce fraud risk, which involves identifying the best internal controls and creating a culture of fraud prevention. Other ways to ensure detection and prevention include:
Commonalities exist between industries in terms of fraud risk and prevention. However, there are unique circumstances and risks relevant to each industry that organizations must account for. Here, we’ll lay out a few examples.
Fraud in School Districts: Schools receive funding from federal and state sources, taxes and donations. Protecting these funds can be tricky. Schools often deal with corruption, embezzlement and credit card fraud as top risks. A small amount stolen from a school safe or charged on the district credit card can greatly affect school funding.
Fraud in Government: Government entities tend to have difficulty with segregation of duties due to smaller staff. Maintaining protocols for reviews and approvals is a challenge. The highest-cost fraudulent activity tends to involve embezzlement by long-term, high-ranking employees.
Fraud in Nonprofits: Nonprofits also tend to have difficulty with segregation of duties as they run on tight teams and cannot always cross-train or enforce reviews and approvals. Additionally, they tend to have cash on hand that is difficult to secure. Corruption and billing schemes are common in nonprofits.
Fraud in Financial Institutions: The most commonly reported fraud scheme for financial institutions is corruption, which involves employees abusing their influence on transactions, such as through bribes. Financial institutions also have high rates of fraud involving cash on hand.
Fraud in Dealerships: Dealerships tend to run on lean staff, with individuals wearing multiple hats. There is less opportunity for segregation of duties. Owners and managers must ensure segregation of duties to catch fraudulent activity such as a parts manager diverting funds to a personal account from wholesale customer credit cards.
Fraud in Dental Practices: Similar to other industries, dental practices have small teams and it’s difficult to enforce reviews and approvals that prevent and detect fraud. It’s important to have a policy or hotline available for employees to report issues and concerns safely and anonymously. And practicing a culture of awareness can help all of your employees understand what to look for.
From internal control review to examination of your proper use of loan funds, Eide Bailly’s got you covered. Learn more about what a top-rated forensic accounting firm can do for you.