While fraud represents a danger as old as finance itself, 2020 and 2021 have produced a combination of conditions unlike anything in business history. As a consequence of the COVID-19 pandemic, masses of workers either quit or were cut. Secure workplace devices moved from main offices to home offices. Organizations once flush with cash had to deal with revenue death spirals. And workers suddenly untethered from seemingly secure employment wrestled with the temptation, whether out of revenge or opportunity, to dip into the company till.
Mitigating the Risk of Fraud: Practical Observations and Lessons Learned, a report produced in June by the Anti-Fraud Collaboration (AFC), confirmed much of what's known about fraud and explored some of the new realities in today's landscape and what organizations can do to confront them. The report represents the efforts of the four organizations that make up the AFC: the Center for Audit Quality (CAQ), which is affiliated with the AICPA; Financial Executives International (FEI); the Institute of Internal Auditors (IIA); and the National Association of Corporate Directors (NACD).
The AFC's 22-page report builds on Mitigating the Risk of Common Fraud Schemes: Insights from SEC Enforcement Actions, which in January 2021 identified common fraud schemes found in an analysis of SEC enforcement actions issued from 2014 through mid-2019.
Revenue recognition topped the list of fraud schemes that rose to the level of SEC enforcement, present in 40% of the cases spanning that five-and-a-half-year period. That was followed by revenue recovery issues, when entities are "either claiming revenue before all the terms of the agreement or the contract were complied with, or setting up false accounts and customers," said Margot Cella, vice president for research and anti-fraud initiatives at the CAQ.
Loan impairments — where it becomes unlikely that the full contractual principal and interest will be repaid or paid — represented a third issue the report identified. Here, Cella stressed that impairments "do not just apply only to banks; they can also apply to companies and debt covenants."
While the above fraud manifestations differ, each shares a root cause: tone at the top that sends a signal that it's OK to bend the rules.
"Modeling ethical behavior to managers, and empowering managers to model ethical behavior to their teams, sets up an environment and culture that discourages fraudulent behavior," said Katherine Edgar, CPA, controller at Willory LLC in the Cleveland area.
By contrast, "If employees see the upper management violating that code of conduct, it may make it seem like anybody could do it," Cella said. Corporate culture also plays a role if it reinforces a top-down message to look the other way when evidence of fraud presents itself.
Or company leadership simply falls down on the job and leaves significant gaps for fraudsters to exploit. "Either the company did not have a strong compliance or ethics program, or one for ethics but not compliance," Cella said.
Here are four recommendations to help finance professionals temper the risk of fraud at their organizations.
Watch out during employee turnover. Especially during the Great Resignation — continuing a trend from the second quarter of 2021, 12.7 million workers quit their jobs in the third quarter, according to the U.S. Department of Labor — employee turnover creates ripe conditions for fraud. If experienced finance professionals depart a company or get promoted, people with skill deficits, insufficient training, or lack of clarity regarding their new assignment may take their place. "So there's this potential scenario where someone in a new position may be unsure of what the job entails and/or is inexperienced enough that a more senior staff member, such as the CFO, can take advantage of that," Cella said.
Edgar said, "Ensuring that employees have the proper training and guidance to recognize the proper way to record transactions makes it less likely that the employee will be swayed by management to record transactions improperly."
Talk to your supervisor — or higher. Cella stressed that in cases where an employee suspects fraud, it's important to start within the company in case the employee misunderstood a conversation or event. "First and foremost, mention it to your immediate supervisor, your manager, particularly if this involves somebody much higher up." If you believe your supervisor is involved in the wrongdoing, go to the next level above them.
Use the company's whistleblower hotline or program. When whistleblower programs work as designed, they afford a level of anonymity and protection against retribution from executives who may be part of the fraud scheme. In many cases, third-party vendors who spot fraud can also avail themselves of an organization's internal whistleblower program.
Exercise professional skepticism. While external auditors apply professional skepticism as part of their work, "everybody in the financial reporting supply chain should be skeptical," Cella said. Audit committee members, for example, will want to know not just the numbers themselves, but how the company reached them.
"All the members of the financial reporting supply chain have a role," Cella added. "Management is supposed to be doing risk assessment but should also focus on enterprise risks that can impact the financial statements or the financial reporting. And audit committees shouldn't just take what management says. Ask the right questions; take advantage of the relationship you have with the audit firm."
— Lou Carlozo is a senior writer with the Association of International Certified Professional Accountants. To comment on this article or to suggest an idea for another article, contact Drew Adamek, a JofA senior editor, at Andrew.Adamek@aicpa-cima.com.