Since March 2020 when COVID-19 was determined to be a global pandemic, life as we know it has radically changed. Everyone has been significantly challenged, and sadly, more than two million people have died globally. Yet, how prepared were business organizations in anticipating something that had not been seen in 100 years? As part of thinking about the unthinkable, I wonder how many organizations prior to 2020 included in their fraud risk assessments the possibility of a global pandemic and the associated frauds that could occur. I would say very few, if any, included such a likelihood.
Companies have lost millions of dollars to pandemic frauds. There have been personal protective equipment (“PPE”) scams with fraudsters offering non-existent or substandard masks, gloves, and other in-demand PPE. Fraudulent web domains, robocalls, emails, and texts have all been used to defraud businesses and individuals. The Association of Certified Fraud Examiners has issued a series of benchmarking studies on the impact of the pandemic on fraud occurrence, titled Fraud in the Wake of COVID-19.[i] The results are as expected. The respondents, representing organizations across all industries, observed a rise in fraud. The top five fraud schemes from the December 2020 study that showed an overall increase due to COVID-19 were cyberfraud (88% increase), payment fraud (82% increase), unemployment fraud (81% increase), fraud by vendors (80% increase), and healthcare fraud (79% increase).[ii]
Fraud Risk Management is a Priority
Had there been a better understanding of the fraud risk, organizations would have been better able to respond to and mitigate pandemic-related fraud, as well as other fraud schemes and scams affecting businesses. We will never eliminate fraud but implementing an effective anti-fraud program with appropriate fraud risk management can go a long way in protecting an organization. Fraud risk management is a component of an effective organizational ethics and compliance program. Included in an integrated approach is a fraud risk assessment. According to the Fraud Risk Management Guide, “A fraud risk assessment is a dynamic and iterative process for identifying and assessing fraud risks relevant to the organization."[iii]
A fraud risk assessment analyzes and documents the risk of fraud within an organization. This includes the occurrence or potential for occurrence of the three main categories of fraud: asset misappropriation, corruption, and financial statement fraud. It also includes the numerous sub-categories of occupational fraud including billing schemes, payroll schemes, fictitious revenues, conflicts of interest, bid-rigging, kickbacks, bribery, and many others. Included in a comprehensive fraud risk assessment are the third parties who work on behalf of an organization, namely vendors, agents, representatives, and others. The assessment should contain the fraud risks related to geography, industry, products and services, mergers and acquisitions, customers who are government run or state-owned entities, and other risk factors.
In every fraud risk assessment that I have performed for clients, previously unknown or little-considered fraud schemes were disclosed and addressed before they could become consequential events. For example, when conducting a compliance program assessment for a U.S. university system, I identified Foreign Corrupt Practices Act (“FCPA”) risk due to their business interactions in China. The university had minimal understanding of the FCPA with no policies or procedures to address that risk of bribery and corruption. In another fraud risk assessment that I conducted for a corporate entity, a formal fraud risk management program was recommended and implemented after the discovery of a long-running, multi-million-dollar fraud scheme perpetrated by a trusted manager in concert with an external party.
A Fraud Risk Assessment is Fundamental
According to A Resource Guide to the U.S. Foreign Corrupt Practices Act, Second Edition, “Assessment of risk is fundamental to developing a strong compliance program and is another factor DOJ and SEC evaluate when assessing a company’s compliance program.” The DOJ’s Evaluation of Corporate Compliance Programs, updated in June 2020, goes further by asking “What methodology has the company used to identify, analyze, and address the particular risks it faces,” and “Is the risk assessment current and subject to periodic review?” I contend that the risk of fraud is integral to an enterprise risk assessment. I further assert that if an organization fails to conduct ongoing fraud risk assessments, that organization does not have an effective compliance program.
While pandemic related fraud may be a once in a lifetime occurrence, the multitude of other commonly occurring and damaging fraud schemes are not. They are ever-present and successful organizations incorporate periodic fraud risk assessments to protect from regulatory, financial, legal, and reputational risk.
[i] Fraud in the Wake of COVID-19, Association of Certified Fraud Examiners, December 2020, https://www.acfe.com/covidreport.aspx
[iii] Fraud Risk Management Guide, Research Commissioned by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, September 2016.
About Martin Biegelman
Martin Biegelman, CFE, CCEP
SunHawk Consulting, LLC
Martin Biegelman has spent a lifetime detecting, investigating, and preventing fraud and corruption in various leadership roles in law enforcement, consulting, and the corporate sector. His work on behalf of corporate management and boards includes conducting internal investigations alleging fraud, corruption, Foreign Corrupt Practices Act violations, conflicts of interest, whistleblower retaliation, and other employee and vendor misconduct. Martin’s work also includes developing, assessing, and enhancing corporate compliance and ethics programs including internal investigative and anti-bribery compliance programs, as well as performing fraud risk assessments.
Click Here to view Martin's full bio
SunHawk Consulting, LLC and its compliance consultants and advisors are highly experienced in conducting fraud risk assessments for clients. Our subject matter experts can provide detailed insight into your specific risk profile and other compliance program needs. We are happy to have a discussion with you whether you have never conducted such an assessment or have not performed one recently.