The “Covid Era” or the failure of internal controls
With the onset of the new “Covid era” and the expansion of home office work, previously unknown to many of us, the topic of appropriate setup of internal controls for companies that have been operating on “paper” basis and not only for them has emerged. Many employees experienced various difficult life situations during these complicated times. Not infrequently, the psyche was under high pressure, there was a feeling of threat, concern for one’s health and uncertainty as to being able to meet one's regular commitments. At such a time, of course, the risk of fraudulent behaviour increases.
Let us introduce a popular management tool in audit for predicting fraud risk, the so-called Fraud Triangle. This pictogram represents the key elements which, if they occur, may lead individuals to fraud at an increased rate.
The motives of individuals are different, both from the economic point of view – financial pressure, difficult life situation and the need to solve it acutely, as well as the human psyche itself. Here, human characteristics such as greed or the feeling of inadequate appreciation by the employer play an important role. One of the motivations is also pressure from the management.
The risk of fraud increases for an individual, who is motivated and also has the opportunity to commit fraud. For example, by identifying ineffective internal control settings when working in home office mode. Or by detecting a loophole in the system. The individual takes advantage of a flawed internal structure mechanism at the enterprise. It is therefore necessary to respond to the needs of the setting in a non-standard working environment.
When motivation and opportunity go hand in hand, the third and final necessary component of fraud is the rationalization of the fraud itself, i.e. the reasoning of the individual regarding for carrying out the fraud. That they are doing so in their own self-interest and deservedly and without regard to ethical conduct. This may also be due to a desire to help the entire work team and, last but not least, a feeling that fraud is being tolerated in other workers and therefore okay.
A real-life example
The payroll accountant, Ms. A, switched to home office work due to the employer’s response to the government’s anti-epidemic measures. Her husband is a seasonal employee at the local ski area and his contract has not been renewed. They find themselves in a difficult living situation, they need to pay a mortgage and they’ve lost half of their household income. Here comes the first part of the triangle (motivation/pressure). A colleague of Ms A, with whom she had shared the workload, became ill with Covid and is hospitalised. Mrs A has to take over part of her agenda, the principle of 4 eyes control is not working and the opportunity for fraud is increasing. Manual checking by another person is expected to create a new employee including their account number. Ms A. knows that the CFO, Mr B., who approves the monthly payments for the employees’ salaries, is very busy and practically only authorises the payment order. The second element of the fraud triangle – opportunity is identified. Ms. A. is tired, she’s been processing payrolls into the night for several days. She feels unappreciated for the overtime hours she has not contractually settled with her employer, and this is where the last element of the triangle – a justification of the act – comes into play. Ms. A. commits fraud by means of a “new employee”, entering her bank account. As of the date of the monthly financial statements, Mr. B’s supervisor, the Chief Financial Officer, does not perform sufficiently effective control to identify fraud and signs the approval for the monthly salary payments.
Companies often do not have any procedures in place to identify the emergence of potential fraud and focus on detection at most. However, an important part should be the prevention and elimination of such situations. In the “Covid era”, when employees often do not feel sufficiently connected to the organization (remote working, no personal contact), such prevention of increased risk of fraud should consist in greater mutual communication and awareness. An important part of this is the need to make it clear to the potential fraudster that internal controls are in place and working and that the benefits gained are by far not worth the consequences, if attempted or discovered. It is necessary to choose a strategy aimed at preventing fraud from occurring, and an integral part of this should be to understand its causes, identify the areas, where it is most likely to occur, and put in place procedures to guard them.
Changes in established practice
Many companies were caught off-guard by Covid and the home office boom. Checks were either non-existent, manual or paper-based, and thus dysfunctional without the possibility of personal interaction. Automated and digitized controls were created practically on the go. Perhaps the greatest contribution of the Covid period therefore lies in this progress.
How Grant Thornton can help?
We will analyse existing processes and proposed internal controls, assess their design and implementation and suggest improvements. We can also help with the digitization of circulation, approval and posting of accounting documents and, therefore, the elimination of errors caused by transcription of data.
Author: Iveta Hořejší, Leoš Horváth