Companies institute elaborate controls to prevent or detect fraud. We as public accountants devote a significant amount of effort on our audits toward preventing or detecting material fraud. For all that we do as a profession, the risk of fraud, and its potentially large impact, never go away. While we haven’t experienced another Enron or Bernie Madoff recently, what’s to say that the next scandal related to fraud isn’t right around the corner?
Fraud risk thrives in periods of change. The larger the change, the larger the risk. And we are currently in the midst of one of the largest periods of rapid change that most of us have ever seen, our collective response to the COVID-19 pandemic. While our responses to the COVID-19 crisis have often brought out the best in many of us, the pandemic has also, in certain instances, provided opportunities to those who would like to exploit the chaos that rapid change often creates for their personal benefit.
Whether you are preparing for an audit or just trying to fraud-proof your company, it’s vitally important that you take stock of the impact of COVID-19 related changes to your operating environment and related internal controls. As with anything related to fraud, the fraud triangle is a good reference point to assess the risk of fraud throughout your organization. Per the fraud triangle, each of these three elements is necessary in order for fraud to be committed:
- Incentives – What’s in it for me
- Opportunity – Capitalizing on poor internal controls
- Rationalization – How do I live with myself
This applies for fraud related to both misappropriation of assets as well as fraudulent financial reporting.
Let’s explore each of these sides of the triangle, in the context of COVID-19.
As for incentives, it is likely that the same pre-COVID-19 incentives are there now. However, companies may have unwittingly added new incentives for fraud with their responses to the COVID-19 pandemic. It is important to inquire about changed bonuses or other incentive criteria, changed levels of payouts under such awards, or any other changes in compensation or rewards that have been introduced due to COVID-19. With such knowledge, you can assess if this side of the triangle has lengthened.
As for rationalizations, this was always the most difficult element of the fraud triangle to assess and protect against, as it is based on individuals’ personal moral code and motivations. However, as many more are currently experiencing economic hardship as a result of COVID-19 related mitigation efforts, it’s safe to assume that some peoples’ ability to rationalize fraudulent behavior has increased in these trying times.
That leaves opportunities. While implementing and maintaining an effective system of internal controls is likely the most controllable aspect of the fraud triangle, it is likely the one that has undergone the most significant change as a result of COVID-19. It’s safe to assume that virtually all entities had some disruption to their operations as a result of the COVID-19 pandemic. Often these disruptions required the implementation of new ways of doing things for many people. As such, significant change occurred in how the entity does business. As we said, change means risk, and significant change means significant added risk, or at least potentially.
In order to assess this increased risk, it’s important to understand what’s changed. Who is doing what, when, and how? And how is that different from what was being done before? With this understanding, an auditor, or anyone interested in preventing fraud, can assess how fraud can occur and what controls are needed to prevent it. In some instances, existing, pre-COVID-19 controls continue to operate and continue to be effective in this new environment. However, often, either these existing controls no longer apply or can’t be performed virtually, requiring the design and implementation of new anti-fraud controls. Identifying these gaps and plugging the holes can be very challenging and time-consuming, especially with many continuing to work in the virtual environment. However, as this is where the fraud risk lies, it’s where our attention needs to be. Now is the time to start this process.
Preventing fraud is always challenging, as the fraudsters always seem to be one step ahead. Add in the COVID-19 disruptions and we really need to be on our game in order to prevent fraud. Surgent offers several opportunities in order for you to learn more about anti-fraud controls and our anti-fraud requirements on financial statement audits. Our four-hour course, Fraud Basics: Protecting the Company Till (DRF4), focuses on what factors contribute to turning honest employees into schemers, and what you can do to protect yourself and your company against them. From the audit perspective, Performing an Effective Audit Risk Assessment in the COVID-19 Environment (RAC4) reviews how to perform an effective risk assessment, including the assessment of fraud risk, in the COVID-19 environment.
Rich Daisley, CPA, is Vice President of Accounting and Financial Reporting Curriculum for Surgent CPE. With over 26 years of experience in the accounting and auditing field, Mr. Daisley has worked in both the client service setting, mainly for PwC’s Capital Markets and Accounting Advisory Services Group and for PECO Energy’s Merger and Acquisition Group, and in the internal capacity setting as a course developer and facilitator creating leading training courses for PwC and Surgent. Rich lives in suburban Philadelphia.