Controlling and Investigating Fraud in a COVID World

Controlling and investigating fraud can be complicated and the current environment will only make it more challenging.

In this article, we will share examples and insights gleaned over the years about types of fraud companies may encounter in this current remote-centric society. Additionally, we will review challenges companies face in preventing, detecting, and responding to fraud-related activities.

External vs Internal

Corporate fraud falls into two basic categories: internal frauds committed by company insiders and external frauds committed by outside actors.

From the Outside Looking In

Employees often serve as unwitting accomplices in external frauds. Phishing — clicking a link in an unsolicited email, not only compromises the computer, but often the network to which the computer is connected – this can be problematic for companies with remote employees overwhelmed with emails. Cyber criminals with access to sensitive operational and financial information will wreak havoc on any company.

An Inside Job

In an economy where pressure to reflect some level of success is intense, company insiders may be tempted to inflate financial statements - not to boost their bonuses, but to merely maintain the company’s line of credit and stock price, or to keep their employees. Some employees might be under intense personal financial pressure and will attempt improprieties for their own benefit. The following are some common types of internal fraud we have seen and uncovered:

• Vendor Fraud. An employee from the company creates a fictitious vendor and the employee then funnels fraudulent transactions through the entity. Additionally, an employee can collude with an external vendor, giving the vendor favorable contracts and excessive payments in exchange for kickbacks. With employees looking for opportunities and vendors desperate for business, vendor fraud could be prevalent.
  
  
• Asset Misappropriation. Asset or inventory misappropriation is a common scheme involving employee theft of a company’s goods inventory. For example, an employee in the distribution operations of a manufacturer may remove perfectly sellable items from the company’s inventory, label them as “damaged” or otherwise unsellable, and designate them as scrap. The employee then reroutes them to a third-party seller.
  
  With many company warehouses working with skeleton crews, security will be at a minimum and opportunities for fraud will elevate. People are being terminated every day and it is being done in a way never done before – remotely. Do they still have access to company systems? Did they have in their possession valuable hardware and important documentation? Even if they aren’t the ones who were terminated, they are seeing others around them fired and are wondering when and if they are next. This type of situation can lead to employees stealing client lists, formulas, business plans and other intellectual property, in anticipation of their separation.
  
  
• Revenue Recognition. A revenue recognition fraud involves booking sales or services that haven’t been sold or delivered to customers. In a classic scenario, management needs to make their numbers for the period or a sales team needs to hit their sales quota. To get there, salespeople are told to falsify sales invoices and ship the goods to a third-party warehouse for storage. The sales team gets credit for the sale, an invoice is generated, and the company books the revenue. The drawback is that the company is saddled with an account receivable that does not, in fact, exist, and serious revenue-recognition issues if the fraud goes unchecked. In companies with trading operations, covering up these unrealized returns can be hidden through hedging and the scheme can go undetected for a longer period-of-time if appropriate controls are not in place. With companies struggling to show that their revenues have not plummeted, they will be tempted to ‘cook the books’ in hopes of making it up when this crisis subsides and the economy recovers. 
  
  

Preventing Fraud

There is a lot a company can do to prevent fraud and ensure it does not go undetected for long periods of time. Companies that are successful in preventing fraud are those that implement strong internal controls with checks and balances; have an effective hotline; create an independent compliance function; and dictate a strong zero tolerance tone at the top, with full transparency and accountability. All of these areas must be revisited with the structural changes that have occurred. A remote workforce, reductions in workforce, and a stressful work environment are all reasons to conduct an updated risk assessment to determine if and where your company has gaps.

Even with all possible measures put in place to prevent fraud, the question of how a company can detect when employees are perpetrating a fraud still remains. Some tools and approaches can include: periodic fraud risk assessments; robust third-party due diligence and management assessments; and, real time monitoring, along with continuous fraud awareness training and reporting hotlines.

It also pays to note unusual behavior. The norm in today’s environment can be questioned but habits indicative of nefarious behavior should be watched closely.

The risks and processes that companies need to address will be evolving as we move through these challenging times. Citrin Cooperman’s Forensic and Litigation professionals are here to assist.