Ethics in Crisis

A crisis puts crucial business ethics at risk. Here is how to guard against fraud in times of turmoil.

Business ethics are crucial during a crisis. We have already seen an increase in fraud as a result of COVID-19: In April 2020, the FBI reported a four-fold increase in reported cybercrimes, and the Federal Trade Commission has reported that Americans have already lost more than $13 million in COVID-19-related scams. Companies are scaling back their workforces, which impacts segregation of duties. Additionally, senior leadership teams are focused more on operations and modifying forward-looking strategies than they are on compliance and review. While it is a time to review what processes can be modified, ensure you and your organization are upholding ethical standards and keeping controls intact to prevent and detect fraud.

FRAUD DURING CRISIS

Turbulent times lead to a rise in fraudulent activity. After the 2008 financial crisis, the SEC pursued lawsuits and charges against more than 200 organizations and individuals, which cost approximately $3.76 billion in disgorgement, penalties, and other monetary relief. In the wake of Hurricanes Katrina and Rita, the Government Accountability Office estimates that between $600 million and $1.4 billion of funds were distributed by FEMA because of fraudulent requests.

In the current pandemic, government relief programs like the Payroll Protection Program and the Economic Injury Disaster Loan program will draw fraudulent requests. If you apply for these funds for your organization or your clients, carefully document your rationale for determining need and how the funds will be used. If you have questions, reach out to the Small Business Association for guidance.

THE ROOTS OF FRAUD

As you continue to work to prevent fraud in your organization, you should understand how fraud transpires. David T. Wolfe and Dana R. Hermanson explained the framework for fraud in their The CPA Journal article, “The Fraud Diamond: Considering the Four Elements of Fraud.” Wolfe and Hermanson built upon Donald Cressey’s fraud triangle by adding a fourth key factor (capability) contributing to how a person commits fraud. Let’s examine each element of the fraud diamond in the light of the COVID-19 crisis. 

• Incentive/Pressure: While some relief exists, businesses and individuals are facing real economic challenges and struggling worldwide. This environment puts pressure on people to consider acting unethically. According to the ACFE’s 2020 Report to the Nations, 85 percent of all fraudsters displayed at least one behavioral red flag, and 26 percent were experiencing financial difficulties. 
  
  
• Rationalization: When people are struggling, they find it easier to justify unethical behavior, often along such lines as, “I am not hurting anyone,” or, “I need to provide for my family.”
  
  
• Opportunity: Many organizations are employing remote workforces, which changes controls, limits oversight, and may reduce the time we discuss decisions with our colleagues. 
  
  
• Capability: According to the same ACFE report, a fraud perpetrator’s higher education level corresponds to higher capabilities to commit fraud. Higher education levels also correlate with higher levels of management, which puts them in more influential positions to perpetuate frauds. Additionally, in an economic crisis, some may argue that these higher-level executives have more to lose in terms of assets and lifestyle—42 percent of fraudsters reviewed in the ACFE report were living beyond their means.

STOPPING FRAUD BEFORE IT HAPPENS

You should already frequently review prevention and detection measures in your organization, and now it is imperative to assess their effectiveness. Organizations are already suffering due to the economic pressures from COVID-19, and fraud can compound their losses.

A lack of internal controls accounts for approximately one-third of all frauds according to the ACFE. The presence of controls reduces fraud losses and is associated with quicker detection. Here is a list of prevention controls you should assess for your organization:

• Code of Conduct: Distribute a formal code to employees during onboarding and ask them to revisit and acknowledge it periodically. You should regularly review it for accuracy and include situations that may be common to your organization to help employees understand the risks and their expected behaviors.
  
  
• Management Review: Ensure at least two trusted people are involved in key decisions and have them document the rationale for decisions. This control is especially important with more people working remotely.
  
  
• Fraud Training: Teach your employees about common fraud schemes they may be subject to, like phishing, and other schemes that they could be more susceptible to in a crisis. Encourage them to speak up when something does not look right, and ensure you have anti-retaliatory policies in place.

Even if your organization has prevention controls in place, fraud may still occur, so design effective detection controls, too. Detection controls work best with prevention controls in place. The ACFE report noted that organizations with fraud awareness training are more likely to gather tips through formal reporting mechanisms than those without training. Here is a list of detection controls you should implement:

• Whistleblower Hotline: Provide an anonymous way for employees to report suspicious behavior, either via phone or email. Median losses from fraud are nearly double at organizations without hotlines. 
  
  
• Management Review: This control is for both prevention and detection. Implement a process where management members review decisions where other management members were involved. 
  
  
• Independent Review: Ask another party to review your work; another party can be external audit, internal audit, or employees independent from a process. The more people are looking at key processes (payroll, accounting, financial statement reporting, etc.), the more likely fraud will be discovered if it is happening. 

The pressure is on right now, and the environment is ripe for fraud. By understanding fraud and properly preparing for it, we can maintain a robust ethical framework for ourselves and our organizations.

---

If you need support or have a question, please reach out to the AICPA Ethics Hotline: 1.888.777.7077. Additionally, if you are aware of or suspicious of an individual or organizational fraud, please consider contacting the National Center of Disaster Fraud Hotline: 1.866.720.5721 or visit justice.gov/disastercomplaintform.