How to Deal with Fraud Risk in a COVID-19 World

June 2, 2020 | Article

The effects of COVID-19 have taken many employees out of the workplace and into a home office setting. With an almost instant remote working situation, employees were forced to bring home computer screens, docking stations, laptops, desk top computers, client files and anything else they needed in order to do their jobs.

Then came the increased use of remote teleconference applications and a whole new set of questions:

  • Should we use Zoom, Skype, Microsoft Teams or some other video conference software?
  • How de we communicate internally?
  • How do we protect against conference call hackers or Zoombombing?
  • How do we ensure misconduct is not overlooked in a virtual work environment?

We broke down key considerations for a remote workforce that you might not be thinking about.

Of the numerous effects of COVID-19 on organizations, fraud should be a key consideration. The Association of Certified Fraud Examiners (ACFE) reports that 75% of all business are victims of fraud-related crimes on a regular basis. In fact, the average business loses 5% of its annual revenue to fraud. With the average embezzlement taking 14 to 24 months to be uncovered, proper internal controls become increasingly important. This is especially true as many organizations scramble to contain costs and move forward into the next normal.

The Importance of Internal Controls in Fraud Prevention
When change is caused by disruption, processes become flawed. Business plans have to be put together quickly, but that also means details can fall through the cracks.

In this time of remote workers, business owners need to be even more diligent regarding company finances, including paying more attention to internal controls. In a normal business cycle, relaying on trust as an internal control can cause issues. In a remote working environment, trust as an internal control can have a long-term business impact.

As in any journey, proper internal controls begin with the “Tone at the Top” with no tolerance for non-compliance. This accountability must take place regardless of if your employees are working remote or located in a physical office.

It sounds simple, but it can be difficult to establish and continue long term. In the normal course of running a business, emotions get involved and emotions can have at times, varied effects on an individual’s thought processes. Now throw in a global pandemic and business lockdown. This is where policies and procedures come into play. In many ways, following policies and procedures is no different than “muscle memory.”

The problems begin when management lose focus on keeping employees accountable for their actions or in many cases, their in-action. Failing to follow internal controls allows employees to potentially manipulate their job duties and take advantage of situations. Remote work requires internal controls operate at peak efficiency. Management must insist on proper cross checking or review of work conducted. This can be done through video conference applications such as Zoom or Microsoft Teams.

Make sense of your internal controls and develop an effective fraud prevention program.

How Internal Controls Affect Your Accounting Department
Internal controls and processes are of critical importance to your organization’s accounting department. Internal controls and processes impacted include:

  • Banking reconciliation
  • Invoice review
  • Payment review or approval
  • Vendor verification or acceptance
  • Payroll verification or approval

In some ways, working remotely could potentially add a layer of tracking/tracing to the flow of approval. After all, any email between individuals or businesses are time and date stamped automatically. Also, options are available to require a “read receipt” or a “delivery completed” notification which can be stored, just in case something needs to be verified.

Should your organization be concerned there is a limited segregation of duties, here are some areas to consider reviewing:

  1. Bank statements
  2. Cancelled checks
  3. Cash receipts
  4. Inventory counts
  5. Payroll processing

Organizations should also consider a review of the following areas of their cybersecurity plan:

  1. Email accounts
  2. Computers/servers
  3. Networks
  4. Mobile devices
  5. Data retention/destruction
  6. Electronic funds transfers

We’ve outlined key areas that may be susceptible to fraud.

Out of Sight Working Arrangements Can Lead to Fraud Issues
When people are “out of sight” they can also be “out of mind.” The red flags of fraud become considerably less visible and harder to identify over the phone or via a video conference call.
The ACFE report shows the leading red flag for fraud is living beyond one’s means. It also shows the leading tip for reporting possible questionable activity is tips. Without being able to interact with people, it is extremely difficult to determine their questionable activity. The lack of interaction caused by remote working and social distancing measures may allow employees to take advantage of a business without their activity identified or uncovered.

One way to help stop fraud in a remote working environment is to go back to the basics. The easiest, least expensive and most quickly implemented internal control is for an organization to set up a “perception of detection” within the business. A simple explanation of this concept is, will a person speed or run a stop sign if they “believe” they will get caught? The answer is undoubtedly no. This same reasoning occurs in a business—are most people going to commit an act of embezzlement if they feel they will be caught? In most cases, the answer will also be no.

The Impact of Fraud on Your Organization
The ACFE has found schemes lasting longer than five years have a median loss of $850,000. They also found that companies with fewer than 100 employees have a median loss of $150,000.

There are not many businesses, especially in this time of economic uncertainty, that can afford to lose $150,000 let alone $850,000 to an embezzler. Are you prepared to protect your organization’s finances?

PODCAST
Two of our forensic professionals recently discussed fraud and embezzlement in our current remote working climate. Click play to listen.

Fraud Issues with PPP and Other Relief Funding
An added pressure for business owners comes when they accept CARES Act Funding. According to an article published by the law firm Baker & Hostetler, LLP, the CARES Act established three oversight bodies to verify all small business loans were disbursed and used properly:

  • Pandemic Response Accountability Committee (PRAC)
  • Special Inspector General for Pandemic Recovery (SIGPR)
  • Congressional Oversight Commission (Commission or COC)

Of the three investigative bodies, the PRAC and the SIGPR are the ones small and medium size businesses may have interaction with and be required to provide documentation to.

The PRAC has subpoena powers to conduct investigations to “detect and prevent fraud, waste, abuse and mismanagement.” Having the proper internal controls and review policies will allow a business to provide documentation related to ongoing businesses activity should they come under investigation.

The SIGPR is designated to “conduct, supervise and coordinate audits and investigations of the making, purchase, management, and sale of loans, loan guarantees and other investments.” Again, the proper internal controls will assist a business should the SIGPR come calling.

The owner of a South Florida moving company applied for and was granted $4 million in CARES Act funds to assist their ailing company. The problems started when the owner decided to use $318,497 of the relief funds to purchase a Lamborghini, which is not an allowable expense under the rules adapted by the Small Business Administration regarding CARES Act funds. The appropriation was intended to pay payroll expense for 70 employees, which equaled $4 million a month. The company had applied for four loans and was approved for three totaling $13.5 million.

These are likely to be the “tip of the iceberg” according to SBA’s inspector general. Preliminary review has identified potential “widespread” potential fraud in loan programs. According to the inspector general, a review of the Economic Injury Disaster Loan program applications showed more than $250 million in aid given to potentially ineligible recipients, as well as $45.6 million on potentially duplicate payments.

All companies, no matter the size, need to pay additional attention to their PPP Loan applications and use of approved funds. An independent verification of the use of loan funds can help ensure your organization is protected from potential fraud during these uncertain times.

From internal control review to examination of your proper use of loan funds, Eide Bailly’s got you covered. Learn more about what a top-rated forensic accounting firm can do for you.

Stay current on your favorite topics

SUBSCRIBE

Applicable Services

Take a deeper dive into this Insight’s subject matter.

Fraud & Forensic Advisory