The outbreak of COVID-19 (coronavirus) has resulted in an unprecedented increase in fraud and corruption. A fraud contributing factor, unique to this crisis, is the reduced oversight and control due to the decentralized way of remote working both internally and across the supply chain (e.g. third parties). This continues to expand the opportunities for fraud, particularly when coupled with the increasing complexity of global organizations in terms of technologies, financial transactions and processes, global supply chains and third party relationships. At the same time, the regulatory landscape is increasingly complex while regulators are enforcing larger fines and penalties are being issued like never before.
Audit committees have to address the various fraud and corruption risks head-on, ensuring that appropriate safeguards are in place and that whistle-blowing channels are both fit for purpose and working as intended.
COVID‐19 has had unthinkable impact on our society and the world economy faces an economic downturn. Organized crime has been quick to respond, mounting large scale orchestrated campaigns to defraud customers, preying on fear and anxiety. Within organizations worldwide, we have seen an increasing rise in fraud and corruption as COVID-19 distracts business from internal control and creates a working conditions in which all three classic fraud indicators – opportunity, motive, and rationalization – coincide.
Our experience of the previous crisis suggests that in such times, management could resort to creative accounting techniques to draw a better picture of the business performance and/or its balance sheet. This is particularly relevant where the management is incentivized by reference to the underlying performance or is target pressured. This increased pressure could motivate the management to misuse company assets or make false applications to government relief packages available.
Another fraud contributing factor is the remote working of organizations’ workforces, which has put internal controls under greater pressure. Financial controls are not adapting well to the mass remote working environment. Segregation of financial functions are vulnerable to override, the ability to verify if goods or services have been received is impeded and hasty system work-arounds to get things done are becoming more common.
All these factors and heightened pressures potentially compromise the overall integrity of a business’ control framework. The audit committee should therefore be proactive and urge management to review their existing fraud risk and control environment and to implement increased transactional reviews, exception reporting and/or other controls in order to adjust to new realities arising from COVID-19.
While the ultimate responsibility rests with the board as a whole, audit committees are typically tasked with the principal oversight of fraud, misappropriation and whistleblowing systems, with the direct responsibility for anti-fraud efforts generally residing with management, including internal audit.
As an important first step to its fraud risk oversight, the audit committee should make sure management has fraud risk management right. The audit committee must be properly informed and actively engaged in overseeing the process while avoiding taking on the role or responsibilities of management. To this end, it should seek input from legal counsel, internal and/or external audit.
The audit committee should seek to ensure that management has considered all risks that are likely to have a significant financial, reputational, or regulatory impact on the organization. For any such risks, a rigorous assessment of the relevant internal controls – including their ability to detect or prevent fraud – should be made. Effective monitoring of these internal controls and periodic re-assessments of their effectiveness are key elements to stay abreast, together with management’s active engagement in the process.
Weak internal controls was the root cause of 61% of the fraud cases we studied.
The audit committee should consider whether effective fraud awareness programmes are in place, updated as appropriate and effectively communicated to all employees. Also, the need for periodic fraud awareness training for all employees should be stressed. Importantly, the audit committee must be equipped to assess, monitor, and influence the tone at the top to aim at enforcing a zero-tolerance approach to fraud. The audit committee should be sensitive to the various business pressures on management – to meet earnings estimates and budget targets, meeting incentive compensation targets, hiding bad news, etc. – and how small adjustments can snowball into bigger problems.
The audit committee’s objective should be to ensure that arrangements are in place for the receipt and proportionate independent investigation of alleged or suspected fraudulent actions and for appropriate follow-up action. Whistle-blowing procedures are a major line of defence against fraud, and audit committees have a role in ensuring such procedures are effective.
Over 58% of fraud cases are detected by tip-offs (e.g. whistle-blowing reports) or internal audit.
The importance of whistle-blowing systems has recently been underlined by the European Council of Ministers, who, on 7 October 2019, formally adopted a new Directive on the protection of persons reporting on breaches of Union Law. The new Directive will require all legal entities in EU Member States to adhere to certain minimum standards for protection, and obliges the creation of safe channels for reporting – both within an organization, private and public, and towards public authorities (for more information, click here). While this Directive is not yet codified into Belgian law (as of June 2020), organizations are starting to adopt it as a matter of good governance.
By focusing on fraud risk management and whistle-blowing channels – and considering it within the context of the organization’s overall approach to enterprise risk management – the audit committee can help strengthen internal controls, financial reporting, and corporate governance.
The Board Leadership Center offers non-executive and executive board members and those working closely with them (including CROs and Heads of Internal Audit) a place within a community of board-level peers and access to topical seminars and ‘lunch and learn’ Board Academy sessions, invaluable resources and thought leadership, and lively and engaging networking opportunities.