Fraud examiners understand that investing in fraud prevention and deterrence, along with resources to help investigate fraud, is pivotal for organizations of any size. When the COVID-19 pandemic hit, fraudsters pounced on new opportunities created by the changing economic and working environment. However, along with an increase in fraud, many anti-fraud professionals saw their organizations cutting back on budget during this time due to the shifting economy. If convincing their C-suite to invest in anti-fraud resources was difficult before, the pandemic likely made that task even more challenging.
So what trends and areas of concern are executive-level anti-fraud professionals seeing today? In the panel discussion, “The C-Suite's View on Fraud,” at the 32nd Annual ACFE Global Fraud Conference, the participants offered a glimpse into their day-to-day lives as they balanced larger organizational business objectives during a time of international crisis while keeping an eye to the future for preventing fraud.
One of the largest fraud risks that the panelists addressed as being top of mind was the transition of their employees working from home. Organizations had to move quickly to set up secure options for workers. Panel moderator Bruce Dorris, J.D., CFE, CPA, president and CEO of the ACFE, said, “We had to turn on a dime to get a lot of these processes in place.” The other panelists agreed with those changes immediately presenting a challenge. “Overnight we were able to successfully move 95% of our staff … home. That brought on new risks from a potential fraud standpoint,” said Dan Soto, Chief Compliance Officer for Ally Financial. “We had to become more nimble.”
With nearly all employees using their home internet connections instead of on-site servers, many organizations worried about what level of security they could maintain while continuing to conduct business. “We knew the cybersecurity risks and that landscape was going to change significantly,” said Grant Thornton’s CEO Brad Preber, CFE, CPA/CFF. “What it really did is turn our focus … do we have the IT backbone to carry this level of traffic?”
Julia Charter, Chief Risk and Audit Executive for Microsoft, explained that not only were they thinking of the security of their employees, but also the security of the multitude of organizations that use Microsoft products to conduct business. “When you think of our top enterprise risks, [cybersecurity] is one of our top enterprise risks … our products are vulnerable to cyber [fraud],” she said. “How can you build products to better help defend against any of those cyber risks?” She said Microsoft worked closely with customers to try and ensure security, but added, “Honestly, it’s just been crazy for everybody.”
One important area for organizations to look at when trying to decrease these cybersecurity risks is increasing collaboration and communication between anti-fraud departments and IT roles. “The coordination between those groups of activities is critical,” said Soto. “Everybody has a job in all of this, but we also need to coordinate and find out what happened … we’re paying a lot of attention to it, and we can’t do this alone.”
In addition to risks from fraudsters attacking potentially weakened cyber defenses, the COVID-19 pandemic also created more challenges in terms of preventing and investigating occupational fraud. “The pandemic created the most significant fraud profile in my lifetime,” said Preber. He referenced the three components of The Fraud Triangle — pressure, opportunity and rationalization. “Never before have we seen pressure so intense,” he said. “Never before has the ability to rationalize bad acts so acute.”
Panelists also discussed the hurdles in detection and investigation created from not seeing and communicating with people in person. “Think about the benefit of water cooler talk,” Charter said. “The best conversation you have isn’t the one you have in the room, it’s the one you have outside the room.” Soto said, “It’s not just what we see, it’s what we don’t see as well that we need to pay attention to … there’s a lot of activity that takes place behind the scenes that’s important.”
While the pandemic isn’t over, executives are thinking about what a “return to normal” might mean for their organizations. “What I don’t think we’ve all mastered yet is what the post-pandemic environment will look like,” said Charter. “I think the biggest piece that we’re wrapping our head around … what does it mean in terms of how we’re collectively going to be working. And in many cases, we will end up with more hybrid working environments.” Soto agreed, saying, “Re-entry is going to be interesting. Not just in the short term, but in the long term.”
Klaus Moosmayer, Ph.D., the Ethics, Risk and Compliance Officer for Novartis, stressed the importance of continuing the open communication between members of the C-suite and different departments even after the immediate effects of the pandemic end. “You need a holistic enterprise risk management system,” he said. “Sometimes people believe that if you sit at the famous C-suite, that’s all you need, but that’s not true … As leaders, our skills and collaboration … are extremely important. As important as the professional skills we acquired over the years.”
Charter emphasized that the changes in the way people communicated with colleagues while remote may have a lasting affect on organizations for years to come. “The pandemic was change. So how do you handle change? You have to overcommunicate,” she said. “Pre-pandemic, we’d often have long meetings where you might have a day-long event. And what we found in the pandemic … is those just don’t work. People don’t want to sit there listening to information through a screen for an extended period of time, so you have to adapt how you operate … The least number of words and the least amount of mental effort required to decipher the words are what you’re after.”
Preber had a last word of advice for the attendees in which he referenced the Dos Equis beer commercials that featured “the most interesting man in the world.” Preber urged fraud examiners not to stay thirsty, but, “stay skeptical my friends.”