This year we will continue to see a significant number of employees working remotely to counteract the difficulties presented by COVID-19.
In recent months a vast number of cyber-attacks have made news headlines, the majority of which have been attacks from outside the organisation.
Whilst external threats are often perceived as more concerning, threats from within the business can be equally as (if not more) damaging. Employees, be it individually or in collusion, are best placed to identify opportunities to carry out fraudulent deeds. They are all too familiar with the procedures and controls in place to conceal such acts, therefore, it is important that businesses take action before it is too late. In today’s COVID-19 environment it is more important than ever to consider whether your business has appropriate internal controls in place to deter employees from carrying out fraudulent acts from the inside.
A recent Association of Certified Fraud Examiners (ACFE) Report to the Nations 2020 Global Study on Occupational Fraud and Abuse identified the impact of internal fraud on businesses. The ACFE report identified occupational (internal) fraud typically went undetected for 14 months. A large majority of such cases were identified by tip-offs and internal reviews. The ACFE study also identified of the internal fraud cases examined, 15% of fraudsters worked in the Operations Department, and 14% worked in the Accounting or Finance Department of the organisation. Upper Management was also identified as being involved in 12% of internal fraud cases studied.
The well-known Donald Cressey's Fraud Triangle hypothesis explains why an employee commits fraud; employee fraud occurs when an employee identifies an opportunity, has the incentive, and the rationale to carry out such an act. It could be argued that the COVID-19 pandemic has somewhat created all three of these elements with the presence of job losses, dependence on government supports, and the increased financial burdens on many households and businesses alike. It is now even more important that businesses identify what current risks they are exposed to and put protective measures in place.
You should consider undertaking regular internal fraud risk assessments to identify areas of weaknesses in your business. From here, controls currently in place can be modified to adapt to the ever-changing fraud landscape. It is important that the Internal Audit Team is well resourced to perform its duties diligently, and that your businesses environment encourages whistleblowing. You should also ensure anti-fraud training is provided and made mandatory. Management need to be alert of changes in employee behaviours, and take the necessary steps to protect the business from internal fraud risks. The introduction of an employee support program may also assist.
External and internal threats need to be managed carefully to protect your business – especially in the current environment.