Drawing from the Fraud Triangle Theory, Alvarez & Marsal’s Chris Fordham discusses how the economic downturn has created a ‘perfect storm’ for fraud and misconduct.
The global economy is shrinking at its fastest pace in decades, according to the International Monetary Fund (IMF), and like a bad penny, spectacular fraud scandals are once again in the headlines.
Dating back to the 1960s, Dr Donald Cressey’s Fraud Triangle Theory still holds true today and can continue to help businesses in their efforts to identify fraud risks and prioritise strategies to mitigate them. In addition, with remote working on the increase due to the Covid-19 pandemic, it is time for companies to revamp their compliance frameworks to overcome these new unfamiliar challenges with effective strategies.
Applying the same principles of Dr Cressey’s model to current times helps to explain how financial pressures from the downturn and Covid-19 itself, coupled with increased opportunities for unethical behaviour to go unnoticed, have created a perfect storm for fraud and misconduct to occur.
There are three main pressures that can be expected to arise from the current situation:
- Management faces huge pressures to keep their businesses alive, and sadly some will be tempted more than ever to manipulate their financial results to present a brighter business outlook to maintain the confidence of customers, suppliers, investors, banks and other stakeholders.
- Employees are under increased personal financial pressure as fears of redundancies, salary or bonus cuts, and struggles to maintain living standards arise. As a result, some may resort to finding ways to gain value from their employers through unethical behaviour such as embezzling company funds.
- Businesses are facing an extremely competitive environment as they emerge from the downturn, and this is leading to more pressure to commit acts of bribery and corruption to secure or retain contracts or other business advantages.
These personal and business financial pressures create a higher likelihood of fraudsters rationalising their wrongdoing to survive the crisis.
While these unethical behaviours are not new, the ability of Internal and External Audit teams to prevent, detect and investigate them has been hindered in the current environment where many people are working remotely, presenting opportunities for misconduct.
In addition, businesses are cutting costs through layoffs or furloughs, resulting in organisational shifts that have disrupted internal audit controls at some firms. Misconduct that would be flagged up under normal circumstances is now more likely to go undetected. Unfortunately, management at some firms, being the first to notice the disruption of these important safeguards and controls, could see this as an opportunity to commit wrongdoing with a lower risk of getting caught.
Strategies to Combat Heightened Fraud and Misconduct Risks
The current crisis provides a wake-up call for companies akin to a contingency planning exercise for their compliance frameworks, which are unlikely to have ever been tested for effectiveness in such challenging circumstances. To deal with increased fraud and misconduct risks in the ‘new normal’, businesses should look into the following strategies:
Investment in real-time monitoring technology. Covid-19 has created an environment where more and more employees are working remotely and using personal electronic devices. This creates issues with connectivity in terms of compliance monitoring and detection of unethical behaviour. Technology-assisted systems to expand on the use of forensic data analytics and to facilitate real-time monitoring of communication including emails and chat data on phones can be of great help in solving these issues. Compliance frameworks will also need to be augmented to address and mitigate remote data collection challenges, for example addressing vague or absent provisions relating to access to company data stored on employees’ personal devices.
Effective and trusted whistleblower channels. The Association of Certified Fraud Examiners’ (ACFE) 2020 report to the Nations highlighted how most frauds come to light through tip-offs or whistleblowing. The report found that businesses with whistleblowing hotlines detect frauds faster than those without such hotlines. With the second highest reporting channel, Internal Audit, hindered by the inability to travel and effectively conduct their audits remotely, the tip-off channel becomes more important than ever before. However, while tip-offs remain the highest channel for reporting unethical behaviour, still at least a third of whistleblowers (according to the ACFE Report) do not trust their company’s own established reporting mechanism, preferring to report to their direct supervisor. This is likely due to fears of repercussions or the perceived detrimental effects to the whistleblower’s career. Concerns about anonymity and confidentiality of the reporting mechanism need to be dealt with in order to foster this trust and ensure the mechanism is effective.
Compliance training. A culture of compliance needs to continue being built, fostered and maintained within companies. With employees working remotely and compliance resources being stretched, this culture may erode, making businesses more vulnerable to threats than ever before. Now is the time to create more regular virtual meetings and compliance training sessions in order to foster a culture of compliance and protect companies from internal threats. New and unfamiliar threats are emerging from the current crisis, such as cyber-attacks in the form of email scams claiming to be Covid-19 updates. Employees will also need to be trained on these new external threats in order to better detect red flags. Repeated training and messaging has been shown to encourage use of the whistle-blowing mechanisms, as employees are more likely to submit tip-offs through reporting mechanisms when given training (ACFE Report).
Case assessment and triage. With potential delays and/or inefficiencies being created in the timetable for undertaking investigations, compliance teams will need to prioritise fraud alerts, through case assessment and triage. This will involve a re-appreciation of the company’s fraud risk universe, weighing them up and categorising risks by levels of threat to the organisation, widening investigation resources to include those dedicated to low-level threats, and lining up external experts for high-level threats. Also, as a crucial part of business continuity planning, compliance frameworks will need to place greater emphasis on understanding the local nuances of undertaking internal investigations in various geographies where a company operates. This is particularly important when more experienced overseas investigative resources are unable to be deployed locally.
Despite the budgetary pressures on firms during the current crisis, it is not the time to lessen the financial support for compliance. Now more than ever it is important to remain vigilant and implement effective strategies to mitigate fraud risks.
Chris Fordham is a Managing Director at Alvarez & Marsal’s Disputes and Investigations team in Hong Kong and China.