With most office workers still toiling from the confines of their home offices and kitchen tables, and some unhappy with their current circumstances, many organizations are concerned about the potential for a rise in fraud.
Yesterday, to address that heightened risk, the Institute of Internal Auditors released the report A Blueprint to Managing Corporate Fraud.
The report, written in collaboration with the Latin America Foundation of Internal Auditors, is part of the IIA COVID-19 Resource Exchange, and focuses on a practical approach to the increased risk of fraud in organizations due to the pandemic.
The Coronavirus Crisis, bringing about an increase of remote work and large employee furloughs has opened up new avenues for fraud. The global economic contraction harms employee morale and has heightened vulnerability to overstep ethical bounds. The guide uses the fraud triangle, where opportunity, pressure, and rationalization factor into the occurrence of fraud, and examines how COVID-19 heights the possibility for all three elements.
“Anyone with the slightest understanding of fraud is familiar with the concept of the fraud triangle, which identifies pressure, opportunity, and rationalization as the key ingredients,” Richard Chambers, president and CEO of the IIA said. “The pandemic is fueling the first—pressure—in myriad ways, as its impact on economies threatens the financial well-being of millions of organizations and billions of workers globally,” he said.
In terms of pressure, employees may feel financial and emotional distress from the circumstances of the virus. The analyst expectations and benchmarks may become more difficult to hit, and employees may start facing salary reductions or even layoffs, further adding to the stress. Job insecurity may also fray the faith of the employees.
Less Oversight
With more limited management oversight working from home, employees have more opportunities to circumvent controls. With layoffs to staff, segregation of duties might become more lax. Because of other challenges, organizations may not prioritize risk management and the budgets for risk control may decrease.
Finally, because of the stress of the pandemic, employees’ moral compasses may become compromised as they rationalize their actions. Employees may experience less loyalty and justify bad behaviors. When the organization pivots its priorities, employees may also think that fraud is no longer as important as it was before.
Three Lines
The report recommends adapting the Three Lines Model to mitigate fraud risk. The first line, the operating body, should set the tone about the importance of fraud by instating or reinforcing a zero tolerance policy and prioritize areas that have the most risk of fraud. The operating body can also review corporate insurance to make sure that the organization is protected from fraud risks.
The second line, the management, should create an environment where employees are motivated to report fraud through a whistleblower hotline. Management needs to assess whether risk management teams have the resources to properly function, even with furloughs. Targeted fraud training, especially aimed at high-risk areas, can mitigate the risk of fraud. Finally, management can continuously review accounting standard and expand audit to prevent fraud.
The third line, the internal auditors, need to reassess the controls from management, especially if they have changed. Auditors must recognize and advise on strengthening vulnerabilities they see within the structure, especially in regards to information security. Auditors need to conduct surprise audits and use data analytics to identify high-risk transactions, and continuously monitor and update auditing tools as the COVID-19 situation develops.
Common Targets of Fraud
Organizations need to actively monitor for fraud and identify fraud risks as they emerge. The departments most vulnerable to fraud include operations, accounting, executive management, and sales. Fraud that companies must look out for include corruption, asset misappropriation, and financial statement fraud. Cybercrime is also especially important, as working from home opens companies up to vulnerabilities from hackers and other cyber-criminals.
To adapt and protect organizations from fraud during the pandemic, one must first understand that the fraud risk is heightened, and take proactive steps to mitigate the threat. Making sure all three lines work in a coordinated effort to identify and fight fraud can mitigate the risks that the Coronavirus Crisis is threatening. 
Stephanie Liu is assistant editor at Internal Audit 360°