Fraud, Compliance & Integrity Risk During a Crisis and a Downturn

As a crisis unfolds, like Coronavirus and markets decline globally, fraudsters will be adapting, and new risks will emerge, and some risks will increase.

Remember, white-collar criminals adapt by profiling us so that they can exploit our weaknesses. So companies need to develop a strategy that enables the deployment of appropriate tactics to manage these new or increased risks.

This writing explores some fraud, compliance, and integrity risks and is intended to provoke discussion.

The Human Factor –”Just One Time”

 

meta model for blog
©Copyright 2020 Advanced Meta-Model of Fraud – Jonathan T. Marks, Richard Riley Ph.D., and Scott Fleming Ph.D.

A crisis can and often does increase the pressure on senior management and, of course, salespeople to meet their sales targets! Deviant behavior, like overriding or circumventing controls “just one time”, is easily justified.  So it should go without saying that companies and their boards need to recalibrate and, in most cases, increase their oversight today and after the crisis until things stabilize.

Why? Because of the likely mindset to maintain and if that’s not possible, make up for lost opportunities!

enemies of controls blog
©Copyright 2020
  • Remember, most fraud is initially uncovered through tips!  Ironically there seems to be no whistleblower provision in the CARES Act!
  • Using the crisis to delay, shortcut, or skip procedures and the likelihood of getting caught.

Business people collaborate together in office. Double exposure effects

Live Human Interaction

A crisis could and today have restricted “live” human interaction, thus performing investigations, maintaining the compliance program, internal auditing, and conducting other procedures could be challenging.

Some areas that we should focus on:

  • Ethics and compliance training schedules.
  • Delays to time-sensitive internal investigations.
  • Interviews.
  • Confidentiality.
  • Collection of electronically stored data.
  • Challenges related to merger or acquisition due diligence.
  • Third-party audits.
  • Internal audits.
  • Compliance reviews.
  • The observation of physical inventory or cycle counts.
  • Internal control walkthroughs.
  • Collaboration with legal, compliance, and internal audit.
  • Exit interviews.
  • Executive sessions with the Audit Committee.

Note: The Audit Committee will more likely than not will be focused on scenario plans, stress tests, and the company’s enterprise-wide risk management program. They will need to understand and then explore with senior management the plan for monitoring and dealing with emerging and increased risks and the possible impact.

I have some creative ways to tackle some of the challenges above. So please reach out when you are ready.

A blindfolded businessman about to step off of a ledge.

Other Risks that Should be Considered by Boards and Senior Leadership

While not all-inclusive, the list below could increase risk:

  • Incapacitated leaders/executives (succession plans)
  • Over-reliance on skills and capabilities of others filling a void.
  • Management override of controls.
  • Pressure to manipulate the financial results and disclosures (i.e., Non-GAAP).
  • Insider trading
  • Regulation FD – full and fair disclosures.
  • Overworked employees.
  • Terminated or furloughed employees, without sufficient time for employers to reflect on the longer-term consequences.
  • Shortcutting hiring practices.
  • Over-reliance on technology.
  • Improper or failure to conduct quality control procedures or good practices.
  • Meeting investor expectations.
  • Complying with bank covenants.
  • Abuse of certain (government) programs.
  • Translation loss due to meetings being done over a video conference or telephone.
  • Reduced or no time to monitor relevant key risks.
  • Failure to follow up on remediation activities.
  • Physical control over assets.
  • Write down’s (assets) to cover up other issues.
  • Inferior/Substandard or counterfeit products.
  • System access is given without assessing risk, including the theft of intellectual property.
  • Phishing scams.
  • Time/Billing fraud.
  • Using social media as an emotional outlet.
  • Leaks of confidential internal information.
  • Opportunities to bribe to to assist in obtaining or retaining business.
  • Reduced or lack of due diligence or KYC when onboarding a vendor or customer.
  • Side agreements.
  • Loopholes that are being exploited that could put the companies reputation at risk.

Closing

Most employee frauds are opportunistic and not well-planned, ingenious schemes.

During a crisis the speed of change is such that opportunities to commit fraud will be prevalent. Thus, recognizing risks and staying vigilant is a must to reduce those opportunities.

Lastly, remember trust can be, and often is, a professional hazard!  To read my writing on Skepticism click here.

I welcome you thoughts and ideas.  Stay safe and be well.

Best,

Jonathan Pic

Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE and NACD Board Fellow

Tags:
Skip to toolbar