Ethics Engaged | Summer 2020
Ethics in Crisis
A crisis puts crucial business ethics at risk. Here is how to guard against fraud in times of turmoil.
Elizabeth Pittelkow Kittner
CFO, GigaOm
Exploring Ethics in Business & Finance Today
Business ethics are crucial during a crisis. We have already seen an increase in fraud as a
result of COVID-19: In April 2020, the FBI reported
a four-fold increase in reported
cybercrimes, and the Federal Trade Commission has reported that Americans have already
lost
more than $13 million in COVID-19-related scams. Companies are scaling back their
workforces, which impacts segregation of duties. Additionally, senior leadership teams are
focused more on operations and modifying forward-looking strategies than they are on
compliance and review. While it is a time to review what processes can be modified, ensure
you and your organization are upholding ethical standards and keeping controls intact to
prevent and detect fraud.
FRAUD DURING CRISIS
Turbulent times lead to a rise in fraudulent activity. After the 2008 financial crisis, the SEC
pursued lawsuits and charges against
more than 200 organizations and individuals, which
cost approximately $3.76 billion in disgorgement, penalties, and other monetary relief. In
the wake of Hurricanes Katrina and Rita, the Government Accountability Office estimates
that
between $600 million and $1.4 billion of funds were distributed by FEMA because of
fraudulent requests.
In the current pandemic, government relief programs like the Payroll Protection Program
and the Economic Injury Disaster Loan program will draw fraudulent requests. If you apply
for these funds for your organization or your clients, carefully document your rationale for
determining need and how the funds will be used. If you have questions, reach out to the
Small Business Association for guidance.
THE ROOTS OF FRAUD
As you continue to work to prevent fraud in your organization, you should understand how
fraud transpires. David T. Wolfe and Dana R. Hermanson explained the framework for fraud
in their The CPA Journal article, “The Fraud Diamond: Considering the Four Elements of
Fraud.” Wolfe and Hermanson built upon Donald Cressey’s fraud triangle by adding a fourth
key factor (capability) contributing to how a person commits fraud. Let’s examine each
element of the fraud diamond in the light of the COVID-19 crisis.
- Incentive/Pressure: While some relief exists, businesses and individuals are facing real
economic challenges and struggling worldwide. This environment puts pressure on
people to consider acting unethically. According to the ACFE’s 2020 Report to the Nations, 85 percent of all fraudsters displayed at least one behavioral red flag, and 26
percent were experiencing financial difficulties.
- Rationalization: When people are struggling, they find it easier to justify unethical
behavior, often along such lines as, “I am not hurting anyone,” or, “I need to provide for
my family.”
- Opportunity: Many organizations are employing remote workforces, which changes
controls, limits oversight, and may reduce the time we discuss decisions with our
colleagues.
- Capability: According to the same ACFE report, a fraud perpetrator’s higher education
level corresponds to higher capabilities to commit fraud. Higher education levels also
correlate with higher levels of management, which puts them in more influential positions to perpetuate frauds. Additionally, in an economic crisis, some
may argue that these higher-level executives have more to lose
in terms of assets and lifestyle—42 percent of fraudsters
reviewed in the ACFE report were living beyond their means.
STOPPING FRAUD BEFORE IT HAPPENS
You should already frequently review prevention and detection
measures in your organization, and now it is imperative to assess
their effectiveness. Organizations are already suffering due to
the economic pressures from COVID-19, and fraud can compound
their losses.
A lack of internal controls accounts for approximately one-third of
all frauds according to the ACFE. The presence of controls reduces
fraud losses and is associated with quicker detection. Here is a list
of prevention controls you should assess for your organization:
- Code of Conduct: Distribute a formal code to employees during
onboarding and ask them to revisit and acknowledge it
periodically. You should regularly review it for accuracy and include
situations that may be common to your organization to help
employees understand the risks and their expected behaviors.
- Management Review: Ensure at least two trusted people are
involved in key decisions and have them document the rationale
for decisions. This control is especially important with more
people working remotely.
- Fraud Training: Teach your employees about common fraud
schemes they may be subject to, like phishing, and other
schemes that they could be more susceptible to in a crisis.
Encourage them to speak up when something does not look
right, and ensure you have anti-retaliatory policies in place.
Even if your organization has prevention controls in place, fraud
may still occur, so design effective detection controls, too.
Detection controls work best with prevention controls in place. The
ACFE report noted that organizations with fraud awareness training
are more likely to gather tips through formal reporting mechanisms
than those without training. Here is a list of detection controls you
should implement:
- Whistleblower Hotline: Provide an anonymous way for employees
to report suspicious behavior, either via phone or email.
Median losses from fraud are nearly double at organizations
without hotlines.
- Management Review: This control is for both prevention
and detection. Implement a process where management
members review decisions where other management members
were involved.
- Independent Review: Ask another party to review your work;
another party can be external audit, internal audit, or employees
independent from a process. The more people are looking at
key processes (payroll, accounting, financial statement reporting,
etc.), the more likely fraud will be discovered if it is happening.
The pressure is on right now, and the environment is ripe for fraud.
By understanding fraud and properly preparing for it, we can maintain
a robust ethical framework for ourselves and our organizations.
If you need support or have a question, please reach out to the
AICPA Ethics Hotline: 1.888.777.7077. Additionally, if you are aware
of or suspicious of an individual or organizational fraud, please
consider contacting the National Center of Disaster Fraud Hotline:
1.866.720.5721 or visit justice.gov/disastercomplaintform.